FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups 
 ProfileProfile   PreferencesPreferences   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Reply to topic
View previous topic :: View next topic  
Author Message
matoOffline
Joined: 06 Jul 2016
Total posts: 3
Gender: Unknown
Slovakia
PostPosted: Wed Jun 14, 2017 21:35    Post subject: Pseudo Random Number Generator considered broken (!) Reply with quote

Hi.

Can someone share some details about PRNG used for games on this site, please?
How is it used? How is it implemented? Has it been reviewed?
No one noticed nothing strange? Because I did ...

I noticed at least 3-4 occasions when I had way too many 1's on dice in the Game of Ur. Like 10-20 in a row. Across a few games. Not always just 1's but more than 90% in such a sequence.

While I know it is statistically possible, I'm pretty sure it wouldn't happen to me or you if we just tried to roll a dice even a few hundred times. And I noticed this more than once already and with the number that's not supposed to be statistically most common (in the Game of Ur number 2 should be most common, but even there I would be surprised to get 20 2's in a row).

I've got a feeling something is not quite right and it badly spoils my games when all I'm getting are 1's and I feel it's pretty unreal / bogus.

I hope someone can investigate this or at least double check the code, so that we don't just waste our time playing flawed "games".

Thanks and regards.
Back to top
View user's profile 
bramOffline
Superadmin
Superadmin
Avatar

Joined: 14 Jul 2005
Total posts: 1067
Gender: Unknown
Netherlands
PostPosted: Thu Jun 15, 2017 8:22    Post subject: Reply with quote

we use the php function of mt_rand: http://php.net/manual/en/function.mt-rand.php
Back to top
View user's profile 
matoOffline
Joined: 06 Jul 2016
Total posts: 3
Gender: Unknown
Slovakia
PostPosted: Thu Jun 15, 2017 13:05    Post subject: Reply with quote

OK and how do you seed and when (if at all) ?
And what version of PHP ?
Thanks.
Back to top
View user's profile 
bramOffline
Superadmin
Superadmin
Avatar

Joined: 14 Jul 2005
Total posts: 1067
Gender: Unknown
Netherlands
PostPosted: Fri Jun 23, 2017 13:02    Post subject: Reply with quote

mato wrote:
OK and how do you seed and when (if at all) ?
And what version of PHP ?
Thanks.


Not seeded. Is not needed for this:
- see http://php.net/manual/en/function.mt-srand.php
- it is seed automatically.
- php 5.3.3
Back to top
View user's profile 
Thom27Offline
Vip
Vip
Joined: 03 Apr 2015
Total posts: 17
Gender: Male
Germany
PostPosted: Wed Jul 05, 2017 15:13    Post subject: Reply with quote

IMHO it is questionable to use mt_rand() with implicit initialisation for this.

I assume a PHP script is called for every move and mt_rand is initialized to create the random numbers for this move only, e.g. for the two dice numbers in a backgammon game. And for the next two dice in the next move it is initialized again, since it is another call to the script.

A PRNG like mt_rand is usually meant to be initialized only once to create an arbitrarily long sequence of pseudo random numbers. If it is initialized again for every single random number, then it might behave badly, depending on how it is initialised and on the source of the seed data.

Since I don't know how mt_rand is initialized, I'd use some other method, for example:
feed microtime() (and maybe more entropy from other sources) and some secret constant string into a hash function like sha1(). Calculate the dice numbers from the hash output. The secret string is to make sure that no one can predict the dice rolls, even when knowing the algorithm. That should work well.


There is even a way that allows the users to check if the dice are calculated fair and correctly:

Use the move number and a secret key (a different one for every game) as input to a cryptographic hash function (like sha1) and calculate the dice from the hash. Publish the algorithm which does this. After the end of the game, publish the key.

As long as the key is secret (and long enough and created in an unpredictable way), no one can predict the dice rolls during the game.
Back to top
View user's profile 
Display posts from previous:   
Reply to topic All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group