Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.
Pseudo Poker Online Games
Pseudo Poker Online, roulette muscu debout, petit casino nice gambetta, gratis spel casino online. Poker is a card game that many people around the world enjoy. Poker is played at kitchen tables, in casinos, and cardrooms - and more recently, the Web. A few of us here at Reliable Software Technologies play poker. Since many of us spend a good amount of our days online, it was only a matter of time before some of us put the two interests. Max Free Spins: 50. WR of 30x Deposit + Bonus amount and Pseudo Poker 60x Free Spin winnings amount (only Slots count) within 30 days. Max bet is 10% (min €/$0.10) of the free spin winnings and bonus amount or €5 (lowest amount applies). Free Spins must be used before deposited funds. Bonus Policy Pseudo Poker applies. A 9/6 Jacks or Better refers to a full pay game with an RTP of 99.54%, whereas the 10/8/5 Bonus Poker has a return of 94.18%, which is among the lowest possible for video poker as a whole. In this game, a Full House pays 10 coins for 1 coin bet, a Flush pays 8 coins, while the Straight pays 5 coins.
Image credit: David Wells on Flickr
Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.
It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.
In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed. Dragon age inquisition more skill slots mod.
There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.
In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.
Here it is. Take a look and see if you can spot a flaw.
procedure TDeck.Shuffle;varctr: Byte;tmp: Byte;random_number: Byte;begin{ Fill the deck with unique cards }for ctr := 1 to 52 doCard[ctr] := ctr;{ Generate a new seed based on the system clock }randomize;{ Randomly rearrange each card }for ctr := 1 to 52 do beginrandom_number := random(51)+1;tmp := card[random_number];card[random_number] := card[ctr];card[ctr] := tmp;end;CurrentCard := 1;JustShuffled := True;end;
Flaw #1: An Off-by-One Error
The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the 'random' card shuffling isn't really random.
Flaw #2: The Shuffle Isn't Uniform
The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.
Flaw #3: Using a 32-bit Seed
If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.
Flaw #4: Using the System Clock as a Seed
The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.
Pseudo Poker Online Multiplayer
But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.
Some final words of wisdom from Robert Sedgewick, author of Algorithms:
Pseudo Poker Online Poker
'That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so.'—Robert Sedgewick, Professor of Computer Science, Princeton