Hacker News new | ask | show | jobs
by alexey-salmin 279 days ago
> For another, the system ties its number generation to the number of seconds that have passed since midnight, resetting once each day, which further limits the possible random values. Only about 86 million arrangements could be generated this way, the Reliable Software Technologies team discovered.

86 million is much less than 300 million possible combinations you can see after flop. This means after the flop you know which exact shuffle was used (with a few statistically unlikely collisions where you may have 2 or 3 options).
1 comments
caminante 279 days ago
Dude, this is so weird, and you continue to act in bad faith.

You need to specify UNIX 'date' as your intent as that phrasing wasn't used in the article.

It's also splitting hairs to say going from 300 million to 80 million is "much less" when that's not even the point of contention. Further to why you're splitting hairs, here's an actual research article [0] where the researchers point out that you needed the synched clock (not just the sysdate) to exploit it with hardware readily available at the time of the exploit, using Pentium 400s.

> That's enough to establish incompetence and/or gross negligence of the authors.

Going back to this claim, I really don't think you know what this term of art means. Ask a legal colleague/friend what they think is the criteria for "gross."

[0] https://web.archive.org/web/20140104095330/http:/www.cigital...

link
alexey-salmin 279 days ago
> You need to specify UNIX 'date' as your intent as that phrasing wasn't used in the article.

No, I didn't mean unix date, I mean literally date.

I can see two interpretations of the phrasing in the article. Either you have 86M shuffles per day (in this case knowing the date would benefit you) or you have 86M shuffles period (in this case even the date isn't necessary, you already have the totality of information). In both cases we can consider the problem of solving the game with 86M shuffles.

Syncing clocks is needed to enumerate all possible shuffles in real time on a 1999 PC, which is what the paper demonstrates. Doing this in realtime for 86M combinations wouldn't have been possible back then. However building a 1 Gb index file and making a HDD lookup in realtime was absolutely possible on very modest 1999 hardware, you can write such a program in a couple of hours.

Knowing the shuffle with three more rounds of betting to go represents a completely broken poker game, not just some minor biases in outcomes.

I have absolutely no idea what hairsplitting you are talking about, let alone bad faith discussions. 86M combinations is such a little number that you can analyse all of them and solve the game even on 1999 hardware. It's a fact, not a matter of opinion or idealistic standards. If you can just kindly acknowledge this fact, no further discussion will be necessary.

link
caminante 278 days ago
> No, I didn't mean unix date, I mean literally date.

Then, your entire comment is predicated on a mis-quote you emphasized. The article said "seconds," not day of the month. You need to work on clarity, if that was your intent.

> I have absolutely no idea what hairsplitting you are talking about

Either you're lying to me or yourself.

See discussion about "negligence" that you conveniently ignore. Meanwhile, you're tilting at windmills as you keep insinuating someone is arguing against you on the point of algorithmic flaws.

link
alexey-salmin 278 days ago
I'm sorry, but you simply don't understand how the exploit works. You don't need to guess the seed of the RNG, you don't need to synchronize anything, none of that matters.

There is such a low number of possible seeds that you can try them all, enumerate all possible shuffles, then check which one of them you've got. Then you know everyone's cards. This is why the game is fatally broken. That's it.

Call it negligence or not, I don't care much. But I'm amused by the fact that you fail to understand a basic combinatorics problem.

link
caminante 278 days ago
Yeah yeah...more ad hominems and strawmen.

> Call it negligence or not, I don't care much.

More bad faith.

link
alexey-salmin 278 days ago
I have no intention of building straw men or bad faith arguments. If I assume good faith on your part (which becomes increasingly hard), the only explanation to your position above is some sort misunderstanding of the combinatorial problem.

So, very simple and good-faith-not-a-straw-man question: do you agree that with 86M possible seeds you can guess all the cards with high probability after you see the flop? No clock synchronization necessary or any other tricks, just direct precomputation of all possible shuffles.

Yes or no would suffice.

link