This is a great topic and you have done an excellent job in breaking it down for even non tech users to easily understand the concept.I think the users now as you say should be more careful and they should report to the forum more specifically to this thread what they think as anomalies found on their gambling website or platform.
Sure this will help a lot in this regard.
Topic: Do you verify every bet as a gambler? Provably Fair Guide. - page 15. (Read 4887 times)
thanks for the effort of putting this up but may i know if what site is it that gives incorrect verification . thats shady then , but do you already reported them ? this is bad if its happening on reputable casinos because this can damage thier reputation but by the way , your given points above are correct . about changing client seed , many gamblers believe on it that changing it will give miracles but for me i dont believe on it . i never change my seed but i still feel that the results are the same . i dont verify my bets because i dont have a doubt on a gambling site that im playing with but i check it once though and the result match .
~~~
I hope your experiences and observations over the past few weeks can open your eyes to anyone who gamblers. So far not many people realize that the site can be manipulated and unfair to players and your explanation really helps them find out more about PF scripts on gambling sites. I will immediately practice what you have just explained about PF and it is true that without PF we are not said to gamble but we are cheated. (if you don't trust the casino then you should not trust their verification scrypt).
That is the most important part in my opinion. If you use a sites own script to verify the fairness of the site itself you just waste your time. The script wont prove the site as "unfair" in any circumstances 
I always copy the hash of the server seed and provide my custom client seed to avoid any manipulation. However,I don't check all the results, only when I have doubts using third party tools (if you don't trust the casino then you should not trust their verification scrypt).
~snip~
A helpful guide.
Pretty sure that 80%-90% of gamblers or people here doesnt even know on how Provably fair works.
So this post is a good read up for people to know on how to check the fairness of a certain site.
People just tend to stick out with known or popular ones and treat it up to be fair along the way.
Thanks for sharing this. I wouldn't name a site where I have played in past in like 2016 where I was losing 50s of bets in a row at 50% win chance and after a few days I came to know how the site was changing the client seed itself and how I was being manipulated and I didn't play there anymore. Truly, anything can be done these days!
That is why gamblers should always check the site's fairness if it really what the site claim. Mostly, the legit gambling sites is not rigged and it's completely random that is why it is gambling. If it is not random and my opinion about it is that it's not a gambling site but a scam scheme. If it is rigged the things that will happen to gamblers is mostly lose and seldomly wins. 
~snip~
A helpful guide.
Pretty sure that 80%-90% of gamblers or people here doesnt even know on how Provably fair works.
So this post is a good read up for people to know on how to check the fairness of a certain site.
People just tend to stick out with known or popular ones and treat it up to be fair along the way.
Thanks for sharing this. I wouldn't name a site where I have played in past in like 2016 where I was losing 50s of bets in a row at 50% win chance and after a few days I came to know how the site was changing the client seed itself and how I was being manipulated and I didn't play there anymore. Truly, anything can be done these days!
~~
I have been playing in an online betting website for the past couple of weeks but still have not won even a single time. It made me suspect that the site is rigged and that unless their bots say so, we wouldn't be able to get profits from them. I'll try to use your procedures just to confirm my claim as if it is true then they are fooling hundreds of thousands of gamblers rihht now to a game we virtually have no way or chance at winning. So I thank you for this. Help like these should be much readily available in this channel as gambling is the riskiest thing you could do with bitcoin.Your experience surely sounding fishy. I would recommend you to check the fairness of site.
I have discovered another way a gambling site can scam players. Under this, a site has a special code which sets the checkbox false if player has less than say, 100 bets. But as soon as player plays more than that, code checks if player has ever changed his client seed or not. If no, this means player never checked the fairness of game and doesn't care about provably fair at all. In that case, code changes the status of checkbox to true. Then provably fair code checks if checkbox is true/false. If true then fake seed hash is shown to player and game is rigged.
UPDATE (31/08/20): BTCGOSU has launched a biggest third-party provably fair verifier tool where you can verify bets for over 25 casinos in single page. Check out now: https://www.btcgosu.com/tools/provably-fair-verifier/
Provably Fair Script is one of the basic element of online gambling, especially for crypto based casinos. However, most of the gamblers don't give dime about it while some don't even know what is it and how it operates. I started crypto gambling in 2016 and didn't know about Provably Fair for most of my initial gambling days. But believe me in the absence of Provably Fair, you are not gambling, you are just being cheated by the house.
The basic idea of this thread is to share my views on PF script and how to make most out of it. I have spent few weeks developing unique logic for Provably Fair script for upcoming gambling site clubbing it with blockchain technology. While developing it, I visited around 20 casinos and tried their PF script to understand current practice. However, this thread is not about my script but about current practice.
If you are in this section, you probably have heard about Provably Fair script and may be verifying your bets too. But have you ever tried to understand the logic behind it? If not, let me give a brief explanation on how Provably Fair system works.
Different gambling sites use different Provably Fair implementation however the basic idea is to generate a random number based on three factors: client seed, server seed and nonce.
Client seed: It can be anything. It is up to player to choose anything as his client seed. For example, I can use 'webtricksClientSeed' as my client seed or 'thisIsMyRandomClientSeed'. However, while choosing client seed make sure three things:
(i) Always choose new seed for new bet (never try same client seed with new server seed).
(ii) Don't choose easily identifiable seeds like I mentioned above (close your eyes and type random numbers and alphabets. I do like this and it works
).
(iii) Site will generate random client seed for you but don't use it. Always choose your own.
Server Seed: It is generated by server. Server will choose random string of random length and convert it to sha256 hash which will provided to you. For example, if server picks 'thisIsRandomSeed' as server seed then this will be provide you: 45006cccc7e44ee0b6c0752469de2fe1ad6bff589fb789bfb60773224cf2cc0a.
Since sha256 is one-way hashing you will know sha256 hash before making bet but you cannot decipher server seed before betting. The site will show you unhashed server seed once you change your seeds. Then you can verify that the sha256 hash of server seed is similar to what was presented to you before bet.
Nonce: In context of Provably Fair, nonce is mostly regarded as the number of times you have made bet with the combination of same client and server seed. For example, if I make two bets with 'ClientSeed' as client seed and 'ServerSeed' as server seed then the result of bet will be generated on the basis of 'ClientSeed+1+ServerSeed' for first bet and 'ClientSeed+2+ServerSeed' for second bet.
Here is graphical illustration of what I just said:
(Some people say my drawings are as good as Picasso's.)
Now coming to how results are driven from these seeds. As I said earlier, different sites use different logic to determine result. However, there is one basic logic which is being used by around 80% of the casinos, notably Fortunejack, PrimeDice, Bitsler etc. This is how it works:
Step 1: First of all let's assume three variables. Server seed = 'ServerSeed', client seed = 'ClientSeed' and nonce = 1. Now we have to use hmac authentication by hashing our variables using sha512 hashing algorithm. Server seed will serve as a secret key to generate hash while client seed and nonce will be used as an input like this: 'ClientSeed-1' or 'client seed - nonce'.
Step 2: So the hash of the above seeds will look like this: 671e7387e26fa724d089521805430866b29f6849ad2928a26e5ed01101f72f57883b972f20f9464 d99ab13c2adcf37bd955863c69697739628d70969adba1ab3
Step 3: Not going into technical term and by simply sticking to layman's language, we have to take first 5 characters of hash i.e. 671e7. Now we have to convert these 5 characters from hex value to integer value which will be: 422375.
Step 4: If the integer value is between 0 and 1million (1,000,000) then it's ok. But if it is more than or equal to 1M then we will use next 5 characters from hash. But since in our case, 422375 is less than 1000000 so this number will determine the result.
Step 5: In this step, we will simply divide the value with 10000 and take the remainder for next step. In our case, 422375 when divided by 10000 will leave 2375 in remainder which will be consider for final step.
Step 6: In this step, we will simply divide the remainder by 100 and this will determine the final result. In our case it will be 23.75. This should match the dice roll. If not then site is most probably cheating you.
Now coming to the most important part. Probably this part is the main reason why I created this thread. Although, the above system is foolproof but site owners can easily fool you if you ain't paying enough attention. So here are the few points you should consider while gambling:
(i) Always copy server seed hash shown to you before betting.
(ii) After bet is complete, create new client seed. Make sure server seed is also changed along with it.
(iii) Once new client seed is created, site will show you unhashed server seed of previous bet. Copy it and convert it to sha256 hash using some third party online tool.
(iv) Match the server seed hash that you copied in step (i) to the one generated in step (iii) and make sure both are exactly same.
Two days ago, I tested my code with few people. I shown them different server seed hash before bet and after bet I kept first 6 characters same, last 3 characters same and few similar characters in the middle. It took just 30-40 seconds for my machine to generate such hash. With more powerful machine, I can speed up the process and create more matching characters. To my surprise, none of the tester noticed that they were shown different server hash before and after bet. It is human tendency that they only consider few letters (probably starting and ending ones) when presented random word like hexadecimal hash. So with bare eyes, no one was able to notice the difference. So be safe and make sure you verify every bet you make. Being a coding enthusiast, I can assure you that it is very much possible that house can easily manipulate results without player even noticing.
Another thing you can do is to use cross-casinos verification. For example, Fortunejack and Bitsler use same script, you can verify your fortunejack bets using bitsler's verification script.
Provably Fair Script is one of the basic element of online gambling, especially for crypto based casinos. However, most of the gamblers don't give dime about it while some don't even know what is it and how it operates. I started crypto gambling in 2016 and didn't know about Provably Fair for most of my initial gambling days. But believe me in the absence of Provably Fair, you are not gambling, you are just being cheated by the house.
The basic idea of this thread is to share my views on PF script and how to make most out of it. I have spent few weeks developing unique logic for Provably Fair script for upcoming gambling site clubbing it with blockchain technology. While developing it, I visited around 20 casinos and tried their PF script to understand current practice. However, this thread is not about my script but about current practice.
If you are in this section, you probably have heard about Provably Fair script and may be verifying your bets too. But have you ever tried to understand the logic behind it? If not, let me give a brief explanation on how Provably Fair system works.
Different gambling sites use different Provably Fair implementation however the basic idea is to generate a random number based on three factors: client seed, server seed and nonce.
Client seed: It can be anything. It is up to player to choose anything as his client seed. For example, I can use 'webtricksClientSeed' as my client seed or 'thisIsMyRandomClientSeed'. However, while choosing client seed make sure three things:
(i) Always choose new seed for new bet (never try same client seed with new server seed).
(ii) Don't choose easily identifiable seeds like I mentioned above (close your eyes and type random numbers and alphabets. I do like this and it works
). (iii) Site will generate random client seed for you but don't use it. Always choose your own.
Server Seed: It is generated by server. Server will choose random string of random length and convert it to sha256 hash which will provided to you. For example, if server picks 'thisIsRandomSeed' as server seed then this will be provide you: 45006cccc7e44ee0b6c0752469de2fe1ad6bff589fb789bfb60773224cf2cc0a.
Since sha256 is one-way hashing you will know sha256 hash before making bet but you cannot decipher server seed before betting. The site will show you unhashed server seed once you change your seeds. Then you can verify that the sha256 hash of server seed is similar to what was presented to you before bet.
Nonce: In context of Provably Fair, nonce is mostly regarded as the number of times you have made bet with the combination of same client and server seed. For example, if I make two bets with 'ClientSeed' as client seed and 'ServerSeed' as server seed then the result of bet will be generated on the basis of 'ClientSeed+1+ServerSeed' for first bet and 'ClientSeed+2+ServerSeed' for second bet.
Here is graphical illustration of what I just said:
(Some people say my drawings are as good as Picasso's.)
Now coming to how results are driven from these seeds. As I said earlier, different sites use different logic to determine result. However, there is one basic logic which is being used by around 80% of the casinos, notably Fortunejack, PrimeDice, Bitsler etc. This is how it works:
Step 1: First of all let's assume three variables. Server seed = 'ServerSeed', client seed = 'ClientSeed' and nonce = 1. Now we have to use hmac authentication by hashing our variables using sha512 hashing algorithm. Server seed will serve as a secret key to generate hash while client seed and nonce will be used as an input like this: 'ClientSeed-1' or 'client seed - nonce'.
Step 2: So the hash of the above seeds will look like this: 671e7387e26fa724d089521805430866b29f6849ad2928a26e5ed01101f72f57883b972f20f9464 d99ab13c2adcf37bd955863c69697739628d70969adba1ab3
Step 3: Not going into technical term and by simply sticking to layman's language, we have to take first 5 characters of hash i.e. 671e7. Now we have to convert these 5 characters from hex value to integer value which will be: 422375.
Step 4: If the integer value is between 0 and 1million (1,000,000) then it's ok. But if it is more than or equal to 1M then we will use next 5 characters from hash. But since in our case, 422375 is less than 1000000 so this number will determine the result.
Step 5: In this step, we will simply divide the value with 10000 and take the remainder for next step. In our case, 422375 when divided by 10000 will leave 2375 in remainder which will be consider for final step.
Step 6: In this step, we will simply divide the remainder by 100 and this will determine the final result. In our case it will be 23.75. This should match the dice roll. If not then site is most probably cheating you.
Now coming to the most important part. Probably this part is the main reason why I created this thread. Although, the above system is foolproof but site owners can easily fool you if you ain't paying enough attention. So here are the few points you should consider while gambling:
(i) Always copy server seed hash shown to you before betting.
(ii) After bet is complete, create new client seed. Make sure server seed is also changed along with it.
(iii) Once new client seed is created, site will show you unhashed server seed of previous bet. Copy it and convert it to sha256 hash using some third party online tool.
(iv) Match the server seed hash that you copied in step (i) to the one generated in step (iii) and make sure both are exactly same.
Two days ago, I tested my code with few people. I shown them different server seed hash before bet and after bet I kept first 6 characters same, last 3 characters same and few similar characters in the middle. It took just 30-40 seconds for my machine to generate such hash. With more powerful machine, I can speed up the process and create more matching characters. To my surprise, none of the tester noticed that they were shown different server hash before and after bet. It is human tendency that they only consider few letters (probably starting and ending ones) when presented random word like hexadecimal hash. So with bare eyes, no one was able to notice the difference. So be safe and make sure you verify every bet you make. Being a coding enthusiast, I can assure you that it is very much possible that house can easily manipulate results without player even noticing.
Another thing you can do is to use cross-casinos verification. For example, Fortunejack and Bitsler use same script, you can verify your fortunejack bets using bitsler's verification script.
Jump to: