Doog: I mentioned this earlier, maybe it was too stupid to deserve a response, but could your software and historical rolls be audited by a trusted third party (such as the one used by PokerStars, which gave me this: "PokerStars shuffle verified by Cigital. PokerStars submitted extensive information about the PokerStars random number generator (RNG) to Cigital. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars"), or does that lead to potential exploitation as well?
It's not stupid, no.
The site uses the standard OpenSSL RAND_bytes call for its randomness.
http://www.openssl.org/docs/crypto/RAND_bytes.html
I'm not sure what PokerStars' claim is worth. Their game isn't provably fair. There's nothing to stop them submitting a fair RNG for auditing and then using a different, corrupt RNG to deal their games. Like when a company keeps two sets of books - one to show the auditor and one that tells the truth. I'm not suggesting PokerStars is corrupt (though it's an accusation I see a lot), but the fact that they have a good RNG doesn't prove that they don't also have a bad one that they use exclusively.
OK, sure, I get that it proves nothing going forward, but what about going backwards? If they audit and see that there was true randomness in all events up until this point, couldn't that prove a similar point? Maybe the only solution is to have everything back-checked at checkpoints every X period.
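
The contrast drawn in this exchange between an audited RNG and a provably fair roll, together with the back-checking of past rolls, shown as an added example that is not part of the thread and is not the site's code. It assumes a common commit-reveal construction (a SHA-256 commitment to a server seed, HMAC-SHA256 over a player seed and a nonce, rolls in 0..9999); the page does not state the site's actual scheme, and every name and seed value here is hypothetical or constructed.

```python
import hashlib
import hmac
import secrets

ROLL_RANGE = 10000  # assumed roll space 0..9999


def commit(server_seed: bytes) -> str:
    """Commitment published BEFORE any bet is placed."""
    return hashlib.sha256(server_seed).hexdigest()


def roll(server_seed: bytes, client_seed: str, nonce: int) -> int:
    """Deterministic roll from the committed seed, the player's seed and a counter."""
    digest = hmac.new(server_seed, f"{client_seed}:{nonce}".encode(),
                      hashlib.sha256).digest()
    # Rejection sampling over 4-byte chunks avoids modulo bias.
    limit = (2**32 // ROLL_RANGE) * ROLL_RANGE
    for i in range(0, len(digest), 4):
        value = int.from_bytes(digest[i:i + 4], "big")
        if value < limit:
            return value % ROLL_RANGE
    raise ValueError("all chunks rejected (negligible probability)")


def verify_history(commitment, revealed_seed, client_seed, history):
    """Player-side check after the seed is revealed.

    history is a list of (nonce, claimed_roll). Returns (seed_ok, bad_nonces).
    """
    seed_ok = hmac.compare_digest(commit(revealed_seed), commitment)
    if not seed_ok:
        return False, []  # operator revealed a different seed than it committed to
    bad = [n for n, claimed in history
           if roll(revealed_seed, client_seed, n) != claimed]
    return True, bad


if __name__ == "__main__":
    seed = secrets.token_bytes(32)          # CSPRNG output, the role RAND_bytes plays
    published = commit(seed)                # shown to the player up front
    played = [(n, roll(seed, "constructed-player-seed", n)) for n in range(3)]
    print(verify_history(published, seed, "constructed-player-seed", played))
    played[1] = (1, (played[1][1] + 1) % ROLL_RANGE)   # operator alters one result
    print(verify_history(published, seed, "constructed-player-seed", played))
```

A statistical audit of past output would pass both histories in the demo, since one altered roll still looks random; the per-roll recomputation is what flags nonce 1.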