Wouldn’t it be cool if you knew the exact order of the deck after the dealer shuffled it? You could use that information to construct each player’s hand, the board cards to come in a flop game, and (most importantly) determine whether you would be the eventual winner. You might have heard that it’s possible to predict the cards that will come out of the deck in an online poker game. In 1999, a team of researchers from Reliable Software Technologies (www.citigal.com/) created a software tool that let them determine the exact order of the deck in play for a particular Hold ’em hand. Here’s the story of how they did it and how the online casinos fixed the problem.
Register to Claim your Bonus at our Favorites Poker Sites
Up to $2,000 and exclusive freerolls over a 4 week period.
Choose your bonus from €25 - €1000
Join new player tournaments
Play in each tournament up to six times.
Deposit €100, play with €200
One of the fundamental principles of data security is that you should be able to publish the set of steps (or algorithm) you follow to deal cards, pick lottery numbers, encrypt data, or whatever, without compromising the process’ integrity. In the physical world, anyone can find out that lottery drawings use a clear, circular tumbler partially filled with marked Ping-Pong balls and blown air to pick the winning numbers. The on-site security, equipment verification regime and physical randomness of the tumbler mean that even if there is some way to hack the system, such as by modifying a few balls to increase the chance of particular winning combinations, the security system makes it very difficult to implement the attack effectively.
The same philosophy applies in the digital world. In January 1997, the United States federal government began a competition to select a data encryption algorithm to be used for the Advanced Encryption Standard (AES). One of the competition requirements was that each algorithm submitted would be published in full so anyone could analyze it. After three-and-a-half years of public and private analysis, the U.S. government selected the winner: Rijndael, an algorithm submitted by two Belgian cryptographers.
Why did the government take so long to pick the winner? Because digital security processes are extremely hard to implement flawlessly. Subtle mistakes a dozen tenured professors miss could seem obvious to a first-year graduate student, and even one such mistake might be enough to render an otherwise secure algorithm, or a specific implementation of that algorithm, worthless. When you’re dealing with a security specification as important as the AES, it’s only prudent to review the candidate algorithms thoroughly.
It was in that spirit of openness that ASF Software published the details of its shuffling algorithm, used at the time by sites such as PlanetPoker, PurePoker, and DeltaCasino, for public scrutiny. The result of that analysis was shocking: Because the Hold ’em games’ shuffling algorithm used an easily guessed random number to begin selecting the cards to be dealt, it was possible to predict the entire deck’s order after seeing only five cards. Yep, if you stayed through the first round of betting, you could determine whether you would be the eventual winner without putting another dollar into the pot unless you wanted to.
PlanetPoker, the most popular site using the ASF Software shuffling algorithm, changed its procedures in very short order. Now when you go to online poker sites and sift through their frequently asked questions (FAQs), you see some geekily entertaining detail on how they randomly determine which card appears next.
Register to Play at our Favorites Poker Sites
Join the biggest poker site in the world. Play cash games or tournaments
Get $88 Free, No Deposit Needed
Instant Play or Download
Play Poker now and get 100% Bonus
up to $500
William Hill Poker
2 weekly challenges, for seven weeks, with a €35,000 pot to win each week.
PLAY WITH £10 INSTANTLY +GET £100 BONUS
New Player Bonus of up to €100 & tournament Ticket Worth €5
Action packed tournaments, super fast payouts, and over 246,000 online poker hands played every day.
U.S. POKER PLAYERS WELCOME
Full Tilt Poker
$30 Free Play.
Play online poker games at Full Tilt Poker.
Black Diamond Poker Open
Over $3 Million Guaranteed
Here’s a part of the PartyPoker explanation, which you can find on the Web in its entirety at https://www.partypoker.com/games-fairness/random-number-generator.html
The systems, algorithms, and practices at PartyPoker exist to ensure total fairness for every player on our site.
That’s why we use a powerful random number generator (RNG) to make sure our players all have the same chance of winning. A good RNG generates numbers that are:
Evenly distributed and not related to each other in any way Unpredictable
Our Random Number Generator (RNG) operates at a high level of randomness to make sure all our players have the same chance of winning, so both the player and the online poker room are assured of complete fairness. All our online games use the RNG to shuffle the decks and generate the cards.
We use a secure, certified RNG implementation. Our RNG uses a well-known algorithm to generate 32-bit raw numbers. These numbers are scaled and shuffled to generate a 52-card deck for each game.
iTech Labs has tested and certified the following for our RNG:
The raw 32-bit numbers generated by the RNG algorithm are statistically acceptable: Applying Marsaglia’s diehard suite of tests on the raw numbers revealed statistical randomness.
The RNG algorithm and shuffling code were used to generate over 2 million shuffled decks. Chi-squared tests applied to the shuffled decks showed uniform distribution.
Further, all poker hands are captured from the live system on a monthly basis and chi-squared tests are applied. These tests have indicated that the RNG continues to operate correctly.
iTech Labs has also verified the RNG source code to ensure that the RNG internal state is secure and the seeding is from an entropy source.
Should you have any further questions about our RNG or the fairness of our games, please contact our 24/7 Customer Care team.
What’s nice about the explanation is that it’s true. The zener diode’s state is physically unpredictable when it’s isolated from close-in heat sources and the like, so it generates a string of truly random numbers. And if this complex procedure seems like overkill, just consider the goodwill PlanetPoker had to recapture after its debacle with the ASF Software algorithm.
Read more about Random Number Generator >>
The bottom line is that the major online poker rooms appear to be much better about ensuring the randomness and fairness of their dealing procedures. We don’t know for sure that the sites’ shuffling algorithms have no weaknesses. We haven’t verified the systems ourselves (as if we’d know how), but there’s nothing in the current literature indicating any weaknesses.