1. Let every player submit a custom 'seed' string (random gibberish), and for convenience offer the option of just having one randomly generated. Also, the server generates a random seed string.
2. The Sha256 hashes of these seed strings are displayed in advance, so everybody can be certain the results were not manipulated afterwards.
3. Concatenate all these seed strings in a deterministic order (e.g. alphabetic) and take the Sha256 hash of the result.
4. Generate a deck of cards from this Sha256 hash, to have a semi-random (deterministic but unpredictable and uniformly distributed) shuffled deck of cards.
As for how to implement step 4: use some big integer math, and interpret the Sha256 hash from step 3 as one big integer number. Take this number modulo 52 to pick the first card, and divide the number by 52. Take the resulting number modulo 51 to pick the second card, and divide the number by 51. Et cetera.
Topic: Secure Poker (Read 719 times)
What would be the most secure method to shuffle the card deck? I was thinking of letting every player generate a cryptographically secure string locally (and the ability to edit it manually, of course), I was thinking 32 characters per player should be plenty and then pack the string with SHA256 and move to the right every time a new source of entropy is needed. Of course then if the server is sabotaged one could potentially know the results ahead of time, even though one could also see all the players cards in that theoretical situation aswell so there is really no point in doing this every time a card is drawn is there?
Jump to: