I understand you drop me some code okei but you know how easy is to hide the rest of the code or additional code packages. Like yo 
The only way people trust that site (Just-Dice) is because its possible to verify that code is the code that determines the bet number.
https://just-dice.com/lucky.txt
Quote
function lucky_number(server_seed, client_seed, nonce, betid) {
var hex_chars_to_use = 5;
var nonce_str = nonce.toString();
var hash;
if (betid < 145000000)
hash = crypto.createHmac('sha512', server_seed).update(client_seed + ':' + nonce_str).digest('hex');
else
hash = crypto.createHmac('sha512', nonce_str + ':' + server_seed + ':' + nonce_str).update(nonce_str + ':' + client_seed + ':' + nonce_str).digest('hex');
var len = hash.length;
for (var i = 0; i < len; i += hex_chars_to_use) {
var hex = hash.substring(i, i + hex_chars_to_use);
var lucky = parseInt(hex, 16);
if (lucky < 1000000)
return lucky;
}
// the 26th substring will always be <4096 (3 hex digits), so we won't get here
util.log(0, 'RAN OUT OF HASH! using ' + hash + ' - returning', 0);
return 0;
};
var hex_chars_to_use = 5;
var nonce_str = nonce.toString();
var hash;
if (betid < 145000000)
hash = crypto.createHmac('sha512', server_seed).update(client_seed + ':' + nonce_str).digest('hex');
else
hash = crypto.createHmac('sha512', nonce_str + ':' + server_seed + ':' + nonce_str).update(nonce_str + ':' + client_seed + ':' + nonce_str).digest('hex');
var len = hash.length;
for (var i = 0; i < len; i += hex_chars_to_use) {
var hex = hash.substring(i, i + hex_chars_to_use);
var lucky = parseInt(hex, 16);
if (lucky < 1000000)
return lucky;
}
// the 26th substring will always be <4096 (3 hex digits), so we won't get here
util.log(0, 'RAN OUT OF HASH! using ' + hash + ' - returning', 0);
return 0;
};
Going back to the code I posted.
Quote
hash = crypto.createHmac('sha512', server_seed).update(client_seed + ':' + nonce_str).digest('hex');
The server creates a server seed, basically a string known only to the site owner.
He wants to prove that he is not changing the seed to change your outcome, but at the same time does not want to give you the seed otherwise you can cheat. So he gives you a hash of the seed and you can now hold onto that. Next you are asked to either provide a client seed or one will be generated for you. Each bet has a nonce that iterates every time you bet too.
The server takes the server seed that was generated before you punched in the client seed, and joins them together with the nonce. By doing this the HMAC that determines your roll cannot be pre generated to give bad rolls because you knew the hash of the server seed before giving the client seed, so after the roll you can tell if the server cheated by checking the actual server seed vs the hash you had before.
There is no way for the site to fake anything because you know before you give your info (client seed) that the server has generated a server seed without knowledge of the client seed.
After the roll you can prove the server seed was not tampered with because you can take the information and run that code I quoted yourself to prove its the same function being run.
The HMAC has totally different output based on any change of the input, so the client seed totally generates a new number that the server cannot predict when the server generates its server seed.
If you believe the above process is insecure for the gambler then you are a genius, breaking SHA would make you world famous and probably an overnight millionaire!