Quote:
Originally Posted by WEC
My guess is 99.99% of current online poker players have zero idea of the Planet Poker situation where a team developed the ability to determine future community cards. My experience is I have run across very few who have heard of it.
If it was more widely known, rigged threads would triple  |
Right - this is probably ancient history known only to a handful of us dinosaurs. However, if nothing has changed, the Planet Poker security hole is nicely documented in the bowels of the PokerStars website, but I can't in good conscience link to a fearsome competitor here
In summary, Planet Poker was so proud of their pseudo-RNG algorithm that they published it for the whole world to see. The problem was that they used the system's internal clock as the original seed for their RNG. That's fine for your freshman computer science craps simulator project, but it won't cut it if you actually want untraceable results.
A bunch of guys got together and simply implemented the same algorithm that Planet had documented so nicely. However, they couldn't be 100% sure of exactly where the system clock (with one-second granularity) was on the Planet servers. No problem - they simply ran the algorithm using every system clock for (e.g.) 60 seconds on either side of what time
their system thought it was. When the hole cards their algorithm predicted lined up with the hole cards they got on Planet, they knew what time the Planet server thought it was. At that point, it'd just be a matter of verifying their synchronization on occasion and re-syncing as necessary.
The good news is that rather than exploiting this and destroying the Planet player base, they published a paper. IIRC, there was another group who'd done the same work but was intending to exploit the hell out of it. Of course, the good guys' publishing their results put the bad guys out of business pretty quickly.
Frankly, this whole affair was probably good for the industry as a whole. It taught us that we really did have to use cryptographically strong techniques. Such techniques are extremely well understood in academic, business, and defense circles (and were when the online poker business started). The matter of securely shuffling a deck of cards is a long-solved problem and relatively easy to implement; as far as I can tell, everybody is doing it "right" now.
Regards, Lee
P.S. Interestingly, Full Tilt doesn't actually shuffle a deck. You might visualize their model as what you see when they pick the lotto balls on TV. Every time they need a card, they reach into a whirling jumble of playing cards and randomly snatch one out of the air. PokerStars (and Cake) shuffle a deck of cards and deal off the top as you would a real deck.
Andy Bloch once argued to me that the FTP method is more secure because there's not a single deck "state", which, if determined, would allow you to predict all the players' and board cards. That's true, but not material, to my mind. If somebody can predict your deck state, you've got bigger problems than that anyway.
I think we've all learned that the
real danger is in internal back doors - not somebody reverse-engineering the card generation algorithm.
Two Plus Two
on the river as the 2
, regardless of how long you take to call.
Linear Mode
