|
|
#1
01-30-2004, 09:18 AM
|
|||
|
|||
if u play online u should read this web article...
|
|
#2
01-30-2004, 09:36 AM
|
|||
|
|||
|
Re: if u play online u should read this web article...
Its actually from 1999
http://www.cigital.com/news/index.ph...t&artid=20 I would have thought this would have been tightened up by now.
|
|
#3
01-30-2004, 09:39 AM
|
|||
|
|||
|
Re: if u play online u should read this web article...
Pokerstars also employ this company to ensure their rng is secure.
http://www.cigital.com/news/index.ph...t&artid=86
|
|
#4
01-30-2004, 09:43 AM
|
|||
|
|||
|
Re: if u play online u should read this web article...
most online outlets use a much better way of seeding their random number generators than simply calling some stupid library function. to do this, they have each client machine - that is, each machine that's running their poker software - continually send the server some sort of data about the state of the client machine. that could mean current cpu load, average time between mouse events, cpu temperature, anything like that. these values are essentially unpredictable. every time a random seed is needed, these numbers are combined in some way to make a new seed. the only way for an attacker to guess the seed is to intercept, decrypt, and interpret a significant chunk of this random noise being sent to the servers. and then ape the server's seed generation process to guess the new seed. and given that a seed is only in use for a short time, they had better be quick about it. frankly, i don't think it's practical.
actually, there is another way. it involves intercepting the client-server data stream and replacing the real ("random") values with values that you yourself generate (a man-in-the-middle attack). it would be difficult to pull this off if the data encryption process has proper authentication built in. and given the volume of clients, i'm not sure it would be doable in practice anyway. good luck cepstrum
|
|
#5
01-30-2004, 09:47 AM
|
|||
|
|||
|
Re: if u play online u should read this web article...
This article discusses a relatively well-known problem from the past, where developers made fundamental errors creating their random number generator.
Modern RNGs use entropy pools, which gather truly random data from all over the system, and store it. An example of this would be the Yarrow RNG, or the random number generator included in the FreeBSD kernel. Both of these systems involve gathering entropy from random, external sources, and pooling it to create a way to make random numbers that can't be predicted.
|
|
#6
01-30-2004, 04:15 PM
|
|||
|
|||
|
Re: if u play online u should read this web article...
It's funny, a friend of mine just said he talked to a guy that plays on Party in the same tournies as him. He said this "The guy told me that he has won 3 or 4 of these tournies, but I don't think he is that good." He then said "It's just weird, a lot of the time he seems to know what the other players have. Sometimes he will turn over bottom pair and win after players had been betting into him"
HAHA Who knows???
|
 |
|
|
Linear Mode
