Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Announcements (Altcoins)
Re: Just-Dice.com : Invest in 1% House Edge Dice Game
by
broolstoryco
on 30/09/2013, 15:18:32 UTC
Quote from: pascal257 on September 30, 2013, 03:01:00 PM
Quote from: broolstoryco on September 30, 2013, 02:59:00 PM
Quote from: pascal257 on September 30, 2013, 02:33:20 PM
Quote from: broolstoryco on September 30, 2013, 02:29:25 PM
Quote from: pascal257 on September 30, 2013, 02:21:39 PM
Quote from: broolstoryco on September 30, 2013, 02:10:52 PM
The system JD uses is close to as good as it gets (assuming proper implementation). This is possible to the standardization of strong cryptographic protocols (and hash functions, such as SHA).
You're using some strong wording there. Do you have any source or quotes to underline this or are you just wildly speculating?

sha is currently the industry standard hashing algo. Quck google shows us that it is used in the most sensitive applications:
The SHA-2 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, Bitcoin, PPCoin and IPsec.

i do not feel that my statement is so strong: again, assuming proper implementation, it is as good as it currently gets. There are no known, feasible attacks on sha.
You understand what a hashing algorithm does? What about the input?

the debate was: generation of numbers which determine if a given roll wins or not.

i stipulate that as the sha has a uniform output distribution, the results are evenly distributed. Furthermore, due to the security of the algo, we are unable to predict the next roll without knowing the plaintext (clientseed+serverseed+nonce). Therefore, the generation of lucky numbers is fair, contingent on correct implementation (which i know is not a simple issue)
I already know the clientseed and the nonce. If the serverseed is poorly generated you can use the best hashing algorithm available and I'd be able to predict the output.


yes, i agree, but this is just a question of using the OS prng, which falls under correct implementation. This may seem like tautology, but i was just trying to say the the system that jd uses is nothing revolutionary or new per se, it is just a collection of known and tested cryptographic methods. As i said, i do not feel that i made a very strong claim, my point was that the relatively simple system that jd uses should provide secure lucky number generation, if the algo guidelines were followed (as opposed to using a new, untested, faster hash algo that did not face rigorous testing)