posted on Monday, November 29, 2004 9:42 PM
by
anoras
Texas Hold’em Poker and how to randomize
Whether you’re a blogger or a regular reader of blogs you’ve probably noticed the flood of Texas Hold’em poker spam littering blog comments. Online gambling is a shady business and it represents a raft of risks. Would you give your credit card details to a company using the same marketing practices as eastern European porn-barons and the Nigerian mafia? How do you know if your opponents are cheating insiders or players acting in collusion?
When it comes to e-business a key concern is “is this safe”? With Texas Hold’em poker this has not been the case.
The software, developed at the end of the nineties by ASF Software Inc., had a major flaw. The flaw enabled anyone to deduct the order of the cards in any shuffled deck from the cards in your hand and on the table.
A deck of cards has 52 card and there are approximately 2^226 ways you can shuffle these cards.
The game was developed using Borland Delphi and the shuffle algorithm used the built in random generator function using the number of seconds since midnight as the random number seed. The Delphi random function is a classic example of a linear congruential function
The key misassumption the programmers have made is that the random function actually creates random numbers. The following code will print 66, 14, 12, 52 and 16 every time it’s run.
public static void CreateRandomNumbers() {
Random r=new Random(42);
for (int i=0;i<5; i++) {
Console.WriteLine(r.Next(100));
}
}
As you can see, even though the class is named Random, it yields highly predictable results.
A 32-bit number has approximately 4 billion random variations; however the Texas Hold’em game used the number of milliseconds since midnight as a random seed. There are only 86,400,000 possible variations since this is the number of milliseconds per day. Since the random seed was the number of seconds since midnight, the system clock on a hacker’s computer could easily be synchronized with the Texas Hold’em clock.
With the two initial dealt cards and the cards laying face up on the table one can generate shuffles until a perfect match, which is a shuffle with the same cards in the same order is found. This is trivial, since knowing the random seed has narrowed the number of possible variations to around 200,000.
The flaw was discovered in 1999 by Cigital and ASF Software should have sorted the issue by now. Though I think they’ve gone out of business, at least their URL points to a spam site today. Whether you play against a hacker generating hands or not, I reckon there is a fair chance you’re getting screwed if you play Texas Hold’em poker with anyone of the spammers.
If you’re writing poker software, shuffle your decks using a proper random generator. The CryptGenRandom WIN32 function yields real random numbers by adding process and thread ids, CPU counters and hashes of the user and computer name into the mix. This gives the algorithm lots of entropy, hence lots of randomness. If you create a proper shuffling algorithm, your poker software might be more of a success than Texas Hold’em poker and you won’t have to resort to spamming blogs in a desperate attempt to make people waste money in your online casino.