Topic: Just-Dice.com : Invest in 1% House Edge Dice Game - page 101. (Read 435357 times)

Thanks for the information, finally a useful post.
On the page it says Does anyone know if it actually means that the client seed is used as a seed for the server seed or if its just a mistakable formulation.

Also I'd like to know how the server seed for each user is saved. There's still the possibility of an SQL injection for example.

And your method is unfamiliar to me! I have no idea where "Variance of 18 000 bets of 200BTC at 49.5%: 200 * sqrt(0.495*0.515*18000) = 13 500" comes from. My method is to simply apply the central limit theorem.

In any case, the exact number is not too important. The important thing (to me) is that the probability of nakowa winning this much under fair circumstances is not out-of-this-world, yet it's important to keep in mind that nakowa COULD theoretically be cheating (seeing the server seed for example). Personally, I do not believe this is happening.

Why do people come up with the same discussions every week on the same thread?  The random number generation used in just-dice is secure.  it takes entropy from OpenSSL's RAND_bytes function which is as secure as you can get without resorting to custom hardware - if you're worried about OpenSSL's RAND_bytes function then be worried about the ephemeral keys used to secure the SSL you use to talk to your bank.

Once it has these random bytes (the seed) it then uses HMAC_512 to generate all the random numbers for the player.  This is predictable because the game has to be provably fair, but it is not possible to determine or predict anything about the output of the function without knowing the server seed (see above).

I wish we could just put these PRNG vs RNG vs TRNG arguments to rest for good.

Will

You understand what a hashing algorithm does? What about the input?

Could you please point out where my mistake is, because I looked at it again and I can not spot it. Also I don't see where you are wrong either although the method you are using is unfamiliar to me.

sha is currently the industry standard hashing algo. Quck google shows us that it is used in the most sensitive applications:
The SHA-2 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, Bitcoin, PPCoin and IPsec.

i do not feel that my statement is so strong: again, assuming proper implementation, it is as good as it currently gets. There are no known, feasible attacks on sha.

sorry I have just an average brain, so could You please explain what You mean with You're using some strong wording there

I am really very eager to understand why no TRNG is used or if a PRNG is used why not on a 3rd party server?

thanks

Actually he busted a couple of time, but deposited more if I remember correctly.
I was not in the chat though

1) I think the accusations of Nakowa cheating are totally baseless. He didn't win "7 times in a row", in fact here are the outcomes of his last three sessions:

A) -3k
B) -2k
C) +1k

Yesterday (session C) he gambled for 14 hours non stop, and he took the casino's bankroll from -6k to +5k multiple times, which is perfectly normal variance with just 1% house edge and his volume, and he stopped at - 3k for the house which meant +1k for him. I don't see nothing too strange here, 1% edge is a small edge indeed.

If he is indeed cheating IMO he is doing a genius work by hiding the fact, he was closed to busto a couple of times and took him many hours of what looked like totally random gambling until he walked with a relatively small profit considering how much he risked.

2) I agree that invest/divest "day trading" is pure gambling, and a form of "investors fallacy". You just cannot predict random events, and the rolls of a dice are totally random unless the site is flawed (and there's absolutely no evidence to support the latter). Being a "never divest" investor I can confirm as a fact that on average "day traders" got lucky, as both my losses and my break even in relation to casinos profit are increasing, but that's irrelevant because it's still a random event.

The only sure thing is that if Nakowa keeps gambling forever, he will lose it everything - but the long run is long indeed. With his enormous bankroll and reckless gambling he can indeed profit in the short and mid term because the house edge is very slim and he can handle being thousands of BTC down without worrying at all. Nevertheless, the only way for him to prove the site has a flaw is to win all the bankroll, totally breaking the bank, and he is nowhere near that. The only thing he is proving is that by being the only player pushing max profit, and against a slim 1% edge, he can create huge variance.

seriously, sitting here dick in hand, eying my losses.. ugh

You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?

o Buying some btc.
o Grabbing some popcorns.
x Waiting for nakowa.

no problem!

as for 'checking' if a trng is possible, it is not merely a question of googleing it and finding one. Sources of randomness are at the heart of cryptography, countless millions of dollars are being poured into top-tier research around it. The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).



i think he interpreted using a trng as a replacement for the client - server seeds, instead of just for the generation of the server seed.

I understand what you are meaning and it is called selection bias in statistics, but you are misapplying the concept. You are correct that if you play 2 million hands and only select the one hand you actually hit your royal flush to prove a point you are making a big mistake.

Same would be if there were 100 different sites just like just-dice and I picked only the one that was most unlucky to prove something bad was going on I would be making a big mistake. However I am using the full (and only) sample we have so I am really not cherry picking anything.

Here is another example where I would make a selection bias mistake. Look at the betting streak in this post: https://bitcointalksearch.org/topic/m.3263667
He hits 31/38 bets. Now I could say the odds of that happening is like 1/35000 so he has to be cheating. But no, that is a mistake because that sample has been picked out of a much larger sample just because he was extremely lucky in that streak. Because of this I would need to adjust those odds a lot if I was going to try to use that streak to prove any kind of point.

Hope I have explained the difference for you.

I can recommend the following book if you are interested in selection bias and how to adjust for it in real life situations: http://www.amazon.com/Evidence-Based-Technical-Analysis-Scientific-Statistical/dp/0470008741/

could You please explain why he cant prove to players that the site is fair? when using TRNG

That didn't make sense a few pages ago and still doesn't make sense.

thank You very much for taking the time and explaining the RNG problem in more depth. yes I meant the true RNG.
This results in seemingly random data, however, technically speaking, it is not truly random.  and exactly this is giving me a bit of headache and I agree that randomness is a tricky topic but knowing that so much money is involved it should be worth to check if a TRNG is the better possibility and if it is doable.

This is like betting on a trading range of a stock. If it were that easy it would be easy to get rich.

There's all kinds of reasons this can go wrong. For instance you get back in at -1000, only to see it drop to -5000, then you see what looks like a trading range between -6000 and -3000 and start to play that. You eat your loss and start trading that range again, yet as you divest at -3000, it instead goes back up to say 1000 and stays there for days.... eventually you decide to step in again at 1000 forfeiting the gains that would have compensated your earlier loss. Etc, etc...

These strategies only look easy while they work... but it's just luck.

He's also not using a "TRNG" because then it would be impossible to prove to players that the site was fair.

off-topic, ever see random.org? They get randomness from EM atmospheric fluctuations, like you say. But even they need to be concerned about cheating

http://www.random.org/faq/#Q1.4