Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Gambling
Re: 🔶 YOLOdice.com 🔶 WEEKLY COMPETITIONS, fast bets BTC LTC ETH DOGE
by
yoloer808
on 11/04/2020, 13:52:33 UTC
Quote from: finity on Today at 06:13:21 AM
Quote from: yoloer808 on April 10, 2020, 09:35:48 PM
Quote from: ethan_nx on April 09, 2020, 04:10:53 PM
Yep, I've enabled investing a few minutes ago.


Great to see this, wanted to invest in a solid dice site for some time now. Took a detailed look at you platform, everything seems solid.

One question, in the provably fair, you use the very secure HMAC-SHA512 to generate the rolls - this is the industry standard. However, the hash of the seed is displayed with SHA256. Would it not be more prudent to standardize the hash in all cases to the more secure SHA512 algorithm? Better safe than sorry...

Indeed that is peculiar. Especially given the fact that all bitcoin miners can be re-purposed to try and brute-force sha256 hashes, I would expect it to be used less. Seems like a potential weak point of the provably fair algo.

Not sure about this, but it is reasonable to expect the hash of the seed to need to be more secure than the hash that generates the result. If anything, the HMAC-SHA512 for generating the result is overkill, compared to the SHA256 that is used to hash the server seed and is displayed to the user. The hash displayed to the user should considered to be more vulnerable and exposed to possible brute force, as you've mentioned.

@OP: Is there an actual technical reason for using the less secure SHA256 for the server seed, or would it be possible to standardize it to SHA512?