Pages:
Author

Topic: Just-Dice.com : Invest in 1% House Edge Dice Game - page 101. (Read 435457 times)

sr. member
Activity: 493
Merit: 262
Why do people come up with the same discussions every week on the same thread?  The random number generation used in just-dice is secure.  it takes entropy from OpenSSL's RAND_bytes function which is as secure as you can get without resorting to custom hardware - if you're worried about OpenSSL's RAND_bytes function then be worried about the ephemeral keys used to secure the SSL you use to talk to your bank.

Once it has these random bytes (the seed) it then uses HMAC_512 to generate all the random numbers for the player.  This is predictable because the game has to be provably fair, but it is not possible to determine or predict anything about the output of the function without knowing the server seed (see above).
Thanks for the information, finally a useful post.
On the page it says
Quote
Your client seed for that server seed was
Does anyone know if it actually means that the client seed is used as a seed for the server seed or if its just a mistakable formulation.

Also I'd like to know how the server seed for each user is saved. There's still the possibility of an SQL injection for example.
sr. member
Activity: 464
Merit: 250
The calculation is incorrect I believe, the probability of the profit being worse than it is is around 7% according to my calculations.

Could you please point out where my mistake is, because I looked at it again and I can not spot it. Also I don't see where you are wrong either although the method you are using is unfamiliar to me.

And your method is unfamiliar to me! I have no idea where "Variance of 18 000 bets of 200BTC at 49.5%: 200 * sqrt(0.495*0.515*18000) = 13 500" comes from. My method is to simply apply the central limit theorem.

In any case, the exact number is not too important. The important thing (to me) is that the probability of nakowa winning this much under fair circumstances is not out-of-this-world, yet it's important to keep in mind that nakowa COULD theoretically be cheating (seeing the server seed for example). Personally, I do not believe this is happening.
hero member
Activity: 767
Merit: 500
Why do people come up with the same discussions every week on the same thread?  The random number generation used in just-dice is secure.  it takes entropy from OpenSSL's RAND_bytes function which is as secure as you can get without resorting to custom hardware - if you're worried about OpenSSL's RAND_bytes function then be worried about the ephemeral keys used to secure the SSL you use to talk to your bank.

Once it has these random bytes (the seed) it then uses HMAC_512 to generate all the random numbers for the player.  This is predictable because the game has to be provably fair, but it is not possible to determine or predict anything about the output of the function without knowing the server seed (see above).

I wish we could just put these PRNG vs RNG vs TRNG arguments to rest for good.

Will
sr. member
Activity: 493
Merit: 262
The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).
You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?

sha is currently the industry standard hashing algo. Quck google shows us that it is used in the most sensitive applications:
The SHA-2 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, Bitcoin, PPCoin and IPsec.

i do not feel that my statement is so strong: again, assuming proper implementation, it is as good as it currently gets. There are no known, feasible attacks on sha.
You understand what a hashing algorithm does? What about the input?
sr. member
Activity: 465
Merit: 254
The calculation is incorrect I believe, the probability of the profit being worse than it is is around 7% according to my calculations.

Could you please point out where my mistake is, because I looked at it again and I can not spot it. Also I don't see where you are wrong either although the method you are using is unfamiliar to me.
member
Activity: 76
Merit: 10
Enemy of the State
The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).
You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?

sha is currently the industry standard hashing algo. Quck google shows us that it is used in the most sensitive applications:
The SHA-2 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, Bitcoin, PPCoin and IPsec.

i do not feel that my statement is so strong: again, assuming proper implementation, it is as good as it currently gets. There are no known, feasible attacks on sha.
elm
legendary
Activity: 1050
Merit: 1000
The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).
You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?

sorry I have just an average brain, so could You please explain what You mean with You're using some strong wording there

I am really very eager to understand why no TRNG is used or if a PRNG is used why not on a 3rd party server?

thanks
full member
Activity: 252
Merit: 100
MARKETPLACE FOR PAID ADVICE LIVE BROADCASTS
Actually he busted a couple of time, but deposited more if I remember correctly.
I was not in the chat though
legendary
Activity: 1148
Merit: 1018
1) I think the accusations of Nakowa cheating are totally baseless. He didn't win "7 times in a row", in fact here are the outcomes of his last three sessions:

A) -3k
B) -2k
C) +1k

Yesterday (session C) he gambled for 14 hours non stop, and he took the casino's bankroll from -6k to +5k multiple times, which is perfectly normal variance with just 1% house edge and his volume, and he stopped at - 3k for the house which meant +1k for him. I don't see nothing too strange here, 1% edge is a small edge indeed.

If he is indeed cheating IMO he is doing a genius work by hiding the fact, he was closed to busto a couple of times and took him many hours of what looked like totally random gambling until he walked with a relatively small profit considering how much he risked.

2) I agree that invest/divest "day trading" is pure gambling, and a form of "investors fallacy". You just cannot predict random events, and the rolls of a dice are totally random unless the site is flawed (and there's absolutely no evidence to support the latter). Being a "never divest" investor I can confirm as a fact that on average "day traders" got lucky, as both my losses and my break even in relation to casinos profit are increasing, but that's irrelevant because it's still a random event.

The only sure thing is that if Nakowa keeps gambling forever, he will lose it everything - but the long run is long indeed. With his enormous bankroll and reckless gambling he can indeed profit in the short and mid term because the house edge is very slim and he can handle being thousands of BTC down without worrying at all. Nevertheless, the only way for him to prove the site has a flaw is to win all the bankroll, totally breaking the bank, and he is nowhere near that. The only thing he is proving is that by being the only player pushing max profit, and against a slim 1% edge, he can create huge variance.
member
Activity: 76
Merit: 10
Enemy of the State
o Buying some btc.
o Grabbing some popcorns.
x Waiting for nakowa.


seriously, sitting here dick in hand, eying my losses.. ugh

sr. member
Activity: 493
Merit: 262
The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).
You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?
full member
Activity: 252
Merit: 100
MARKETPLACE FOR PAID ADVICE LIVE BROADCASTS
o Buying some btc.
o Grabbing some popcorns.
x Waiting for nakowa.
member
Activity: 76
Merit: 10
Enemy of the State
thank You very much for taking the time and explaining the RNG problem in more depth. yes I meant the true RNG.
This results in seemingly random data, however, technically speaking, it is not truly random.  and exactly this is giving me a bit of headache and I agree that randomness is a tricky topic Smiley but knowing that so much money is involved it should be worth to check if a TRNG is the better possibility and if it is doable.


no problem!

as for 'checking' if a trng is possible, it is not merely a question of googleing it and finding one. Sources of randomness are at the heart of cryptography, countless millions of dollars are being poured into top-tier research around it. The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).



could You please explain why he cant prove to players that the site is fair? when using TRNG

i think he interpreted using a trng as a replacement for the client - server seeds, instead of just for the generation of the server seed.
sr. member
Activity: 465
Merit: 254
My english is pretty bad. What I mean is that even if your math are right (didn't check), a less than 1% possibility doesn't make an event unlikely. Like getting a royal flush on a single hand is almost impossible since it's less than 1% chance but it should still happens often on the long run. I don't say nothing is wrong with JD but what is happening is far from impossible so we can't be sure something is wrong.

I understand what you are meaning and it is called selection bias in statistics, but you are misapplying the concept. You are correct that if you play 2 million hands and only select the one hand you actually hit your royal flush to prove a point you are making a big mistake.

Same would be if there were 100 different sites just like just-dice and I picked only the one that was most unlucky to prove something bad was going on I would be making a big mistake. However I am using the full (and only) sample we have so I am really not cherry picking anything.

Here is another example where I would make a selection bias mistake. Look at the betting streak in this post: https://bitcointalksearch.org/topic/m.3263667
He hits 31/38 bets. Now I could say the odds of that happening is like 1/35000 so he has to be cheating. But no, that is a mistake because that sample has been picked out of a much larger sample just because he was extremely lucky in that streak. Because of this I would need to adjust those odds a lot if I was going to try to use that streak to prove any kind of point.

Hope I have explained the difference for you.

I can recommend the following book if you are interested in selection bias and how to adjust for it in real life situations: http://www.amazon.com/Evidence-Based-Technical-Analysis-Scientific-Statistical/dp/0470008741/
elm
legendary
Activity: 1050
Merit: 1000
thanks for clarifying. why is he not using a TRNG?
trng? i assume you mean a 'truly' random generator.

simply because obtaining random data is very hard (not 100% sure, but i have doubts that something like a TRNG exists). On the level JD is operating on (software on a server), you do not have random input with which your software can work with. OS random generators usually work by taking as inputs various pieces of information (such as time, etc.) and then applying algorithms to them. This results in seemingly random data, however, technically speaking, it is not truly random.

If you want to come closer to pure/true randomness, you would need a special hardware-based generator (for example, one that measures micro turbulances in the air) and base your data off it.

Randomness is a tricky topic Smiley

He's also not using a "TRNG" because then it would be impossible to prove to players that the site was fair.

could You please explain why he cant prove to players that the site is fair? when using TRNG
sr. member
Activity: 493
Merit: 262
thanks for clarifying. why is he not using a TRNG?
trng? i assume you mean a 'truly' random generator.

simply because obtaining random data is very hard (not 100% sure, but i have doubts that something like a TRNG exists). On the level JD is operating on (software on a server), you do not have random input with which your software can work with. OS random generators usually work by taking as inputs various pieces of information (such as time, etc.) and then applying algorithms to them. This results in seemingly random data, however, technically speaking, it is not truly random.

If you want to come closer to pure/true randomness, you would need a special hardware-based generator (for example, one that measures micro turbulances in the air) and base your data off it.

Randomness is a tricky topic Smiley

He's also not using a "TRNG" because then it would be impossible to prove to players that the site was fair.
That didn't make sense a few pages ago and still doesn't make sense.
elm
legendary
Activity: 1050
Merit: 1000
what RNG is JD using? did I miss it somewhere?

thanks

click on the "fair" tab at just-dice.com

I clicked and I didnt see any info about the RNG. if You know it and I missed it please let me know the RNG. is it a PRNG?

https://just-dice.com/lucky.txt

thanks but what RNG is it? is this a PRNG?


ofc it is prng. jd uses a sha512 hmac of a seed to generate the lucky numbers. for all intents and purposes this is absolutely random. if you find a pattern, it would imply a serious breakthrough in the field of cryptography (effectively breaking sha).

thanks for clarifying. why is he not using a TRNG?


trng? i assume you mean a 'truly' random generator.

simply because obtaining random data is very hard (not 100% sure, but i have doubts that something like a TRNG exists). On the level JD is operating on (software on a server), you do not have random input with which your software can work with. OS random generators usually work by taking as inputs various pieces of information (such as time, etc.) and then applying algorithms to them. This results in seemingly random data, however, technically speaking, it is not truly random.

If you want to come closer to pure/true randomness, you would need a special hardware-based generator (for example, one that measures micro turbulances in the air) and base your data off it.

Randomness is a tricky topic Smiley

thank You very much for taking the time and explaining the RNG problem in more depth. yes I meant the true RNG.
This results in seemingly random data, however, technically speaking, it is not truly random.  and exactly this is giving me a bit of headache and I agree that randomness is a tricky topic Smiley but knowing that so much money is involved it should be worth to check if a TRNG is the better possibility and if it is doable.
newbie
Activity: 59
Merit: 0
You lose when you divest at +1000 and the profits go to +5000 and never come back.  Or invest at -1000 and profits drop to -5000 and don't come back.  But if they keep going past both your trigger points (-1000 and +1000, say) then you win, and the committed investors lose.

This is like betting on a trading range of a stock. If it were that easy it would be easy to get rich.

There's all kinds of reasons this can go wrong. For instance you get back in at -1000, only to see it drop to -5000, then you see what looks like a trading range between -6000 and -3000 and start to play that. You eat your loss and start trading that range again, yet as you divest at -3000, it instead goes back up to say 1000 and stays there for days.... eventually you decide to step in again at 1000 forfeiting the gains that would have compensated your earlier loss. Etc, etc...

These strategies only look easy while they work... but it's just luck.
newbie
Activity: 12
Merit: 0
thanks for clarifying. why is he not using a TRNG?
trng? i assume you mean a 'truly' random generator.

simply because obtaining random data is very hard (not 100% sure, but i have doubts that something like a TRNG exists). On the level JD is operating on (software on a server), you do not have random input with which your software can work with. OS random generators usually work by taking as inputs various pieces of information (such as time, etc.) and then applying algorithms to them. This results in seemingly random data, however, technically speaking, it is not truly random.

If you want to come closer to pure/true randomness, you would need a special hardware-based generator (for example, one that measures micro turbulances in the air) and base your data off it.

Randomness is a tricky topic Smiley

He's also not using a "TRNG" because then it would be impossible to prove to players that the site was fair.
sr. member
Activity: 454
Merit: 252
what RNG is JD using? did I miss it somewhere?

thanks

click on the "fair" tab at just-dice.com

I clicked and I didnt see any info about the RNG. if You know it and I missed it please let me know the RNG. is it a PRNG?

https://just-dice.com/lucky.txt

thanks but what RNG is it? is this a PRNG?


ofc it is prng. jd uses a sha512 hmac of a seed to generate the lucky numbers. for all intents and purposes this is absolutely random. if you find a pattern, it would imply a serious breakthrough in the field of cryptography (effectively breaking sha).

thanks for clarifying. why is he not using a TRNG?


trng? i assume you mean a 'truly' random generator.

simply because obtaining random data is very hard (not 100% sure, but i have doubts that something like a TRNG exists). On the level JD is operating on (software on a server), you do not have random input with which your software can work with. OS random generators usually work by taking as inputs various pieces of information (such as time, etc.) and then applying algorithms to them. This results in seemingly random data, however, technically speaking, it is not truly random.

If you want to come closer to pure/true randomness, you would need a special hardware-based generator (for example, one that measures micro turbulances in the air) and base your data off it.

Randomness is a tricky topic Smiley

off-topic, ever see random.org? They get randomness from EM atmospheric fluctuations, like you say. But even they need to be concerned about cheating

http://www.random.org/faq/#Q1.4
Pages:
Jump to: