Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.
Image credit: David Wells on Flickr
Another important aspect to consider when choosing your online casino is the welcome bonus. Almost every online casino offer a welcome bonus in form of a first deposit bonus. For example 100% up to £100. This means the casino will match your first Pseudo Poker Femme deposit with 100% up to a maximum of £100. So, if you deposit £100 you will.
Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed. There are 52 distinct cards in a fair deck; there are 52! Distinct possible shuffles. Or 8.0658x10 67. Which is a big number. Pseudo Poker wager requirements. The play through requirements range anywhere from 25 to 90 times the aggregate amount of Pseudo Poker the no deposit bonus and once fulfilled, you can make use of one of several cashing out methods available for your country.
A lot of different parts make up a good casino site, and there's even more to get right for Trouver Pseudo Poker a great one. Some of the things we look for include functionality, game selection, live casino options, a reliable customer service, bonuses, availability and trustworthiness. Playing Card Shuffler. This form allows you to draw playing cards from randomly shuffled decks. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs.
It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.
Pseudo Poker Online Game
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.
There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.
In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.
Here it is. Take a look and see if you can spot a flaw.
procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;
Flaw #1: An Off-by-One Error
The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.
Flaw #2: The Shuffle Isn't Uniform
The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.
Flaw #3: Using a 32-bit Seed
If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.
Flaw #4: Using the System Clock as a Seed
The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.
But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.
Some final words of wisdom from Robert Sedgewick, author of Algorithms:
'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton
Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.
Image credit: David Wells on Flickr
Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.
It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.
There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.
In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.
Here it is. Take a look and see if you can spot a flaw.
procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;
Pseudo Poker Online Multiplayer
Flaw #1: An Off-by-One Error
The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.
Flaw #2: The Shuffle Isn't Uniform
The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.
Flaw #3: Using a 32-bit Seed
If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.
Flaw #4: Using the System Clock as a Seed
The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.
But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed. There are 52 distinct cards in a fair deck; there are 52! Distinct possible shuffles. Or 8.0658x10 67. Which is a big number. Pseudo Poker wager requirements. The play through requirements range anywhere from 25 to 90 times the aggregate amount of Pseudo Poker the no deposit bonus and once fulfilled, you can make use of one of several cashing out methods available for your country.
A lot of different parts make up a good casino site, and there's even more to get right for Trouver Pseudo Poker a great one. Some of the things we look for include functionality, game selection, live casino options, a reliable customer service, bonuses, availability and trustworthiness. Playing Card Shuffler. This form allows you to draw playing cards from randomly shuffled decks. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs.
It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.
Pseudo Poker Online Game
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.
There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.
In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.
Here it is. Take a look and see if you can spot a flaw.
procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;
Flaw #1: An Off-by-One Error
The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.
Flaw #2: The Shuffle Isn't Uniform
The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.
Flaw #3: Using a 32-bit Seed
If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.
Flaw #4: Using the System Clock as a Seed
The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.
But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.
Some final words of wisdom from Robert Sedgewick, author of Algorithms:
'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton
Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.
Image credit: David Wells on Flickr
Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.
It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.
There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.
In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.
Here it is. Take a look and see if you can spot a flaw.
procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;
Pseudo Poker Online Multiplayer
Flaw #1: An Off-by-One Error
The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.
Flaw #2: The Shuffle Isn't Uniform
The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.
Flaw #3: Using a 32-bit Seed
If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.
Flaw #4: Using the System Clock as a Seed
The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.
But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.
Some final words of wisdom from Robert Sedgewick, author of Algorithms:
'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton
