Pseudo Poker Online 7,1/10 9404 votes

Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.

Image credit: David Wells on Flickr

Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.

Poker

It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.

Pseudo poker online poker

In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.

Another important aspect to consider when choosing your online casino is the welcome bonus. Almost every online casino offer a welcome bonus in form of a first deposit bonus. For example 100% up to £100. This means the casino will match your first Pseudo Poker Femme deposit with 100% up to a maximum of £100. So, if you deposit £100 you will. A lifelong poker player who moved online in 2004, Josh founded Beat The Fish in 2005 to help online poker players make more-informed decisions on where to play and how to win once they got there. He hopes to counter the rampant dishonesty in online gaming media with objective reviews and relevant features. Pseudo Poker Online, roulette muscu debout, petit casino nice gambetta, gratis spel casino online. Max Free Spins: 50. WR of 30x Deposit + Bonus amount and Pseudo Poker 60x Free Spin winnings amount (only Slots count) within 30 days. Max bet is 10% (min €/$0.10) of the free spin winnings and bonus amount or €5 (lowest amount applies). Free Spins must be used before deposited funds. Bonus Policy Pseudo Poker applies.

There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.

In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.

Here it is. Take a look and see if you can spot a flaw.

procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;

Pseudo


Poker

Flaw #1: An Off-by-One Error

The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.


Flaw #2: The Shuffle Isn't Uniform

The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.


Flaw #3: Using a 32-bit Seed

If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.


Flaw #4: Using the System Clock as a Seed

The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.

But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.

Some final words of wisdom from Robert Sedgewick, author of Algorithms:

'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton

Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.

Image credit: David Wells on Flickr

Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.

It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.

In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.

There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.

In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.

Here it is. Take a look and see if you can spot a flaw.

procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;


Flaw #1: An Off-by-One Error

The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.


Flaw #2: The Shuffle Isn't Uniform

The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.


Flaw #3: Using a 32-bit Seed

Pseudo Poker Online Games

If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.


Flaw #4: Using the System Clock as a Seed

Pseudo Poker Online Poker

The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.

But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.

Pseudo Poker Online Multiplayer

Some final words of wisdom from Robert Sedgewick, author of Algorithms:

Pseudo Poker Online Game

'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton
eemitmoro1982.netlify.com – 2021