Every time you sit down at a CardRoom.com table, you can be assured that each
hand is being dealt randomly, with fair play and real-life action at the forefront.
CardRoom.com’ssoftware and Random Number Generator have been subjected
to rigorous third-party verification, and have passed each test with flying colors. We know
that you expect a fair shake every time you ante, and our team is committed to providing you
with that experience 24/7.
Game Integrity
CardRoom.com is committed to delivering first-rate security and ensuring the
integrity of all our players. In this endeavor, we engaged the services of leaders in the
industry of software quality management ("SQM") including Cigital, Inc. in November
of 2003. In the case of Cigital we provided them full access to both the Random Number Generation
("RNG") source code and shuffling algorithms; as well as our system architecture.
Cigital ran the CardRoom.com software through a battery of analyses including,
FIPS 140-1, the U.S. government standard for cryptographic software systems and the Marsaglia
Die-Hard tests. CardRoom.com was also subjected to the stringent requirements
of the Berlekamp-Massey examination, which many Pseudo Random Number Generators ("PRNG")
fail. Please click here for an article on the shortcomings of PRNG.
CardRoom.com met, and exceeded, all the above criteria and Cigital was incapable
of ascertaining any statistical weaknesses therein or breaking the RNG.
The Shuffle and Entropy
There is a high degree of importance ascribed to the provision of a solid shuffling algorithm. However,
as a prerequisite to the above, it must be "seeded" from an adequately appropriate entropy
source. When analyzing cryptographic generators the measure of its "randomness" is often
referred to as entropy.
Two critical main ingredients in generating randomness are a large number of bits representing a
sizeable seed and a diversified non-predictable entropy pool, both of which are critical in the
application of the shuffle. To maximize these requirements, and avoid any of the pitfalls enumerated
above, we combine the two (2) below random sources of entropy by XORing (exclusive-OR) them together.
Various software, hardware and user data, including, but not limited to, items
such as process and thread identification, free disk clusters and the hashed user environment block.
Thermal noise as generated by the decay of proven hardware sources that are shielded from any
environmental interference. This external device is governed by the laws of quantum physics,
and as a result is non-deterministic.
Random Number Generation
There exists a commonality between random number generation for data security purposes and
that of shuffling cards, as the goal in both cases is to produce a stream of values that
cannot be predicted using any and all available information. It is quite imperative in the
case of random number generation to use a significantly large enough seed to provide for
all possible combinations of shuffled decks. Most standard PRNG systems utilize a thirty
two (32) bit seed, which would generate 232, or 4,294,967,296 arrangements. Considering
that there exists 52!, or 8.0x1067 ways to shuffle a deck of cards, the utilization of
the above PRNG would only produce 5.0x10-57% of the potential distributions from such an
exercise.
Our servers use multiple random number sources as the basis for card shuffling. Each table
is given a deck, which we shuffle before each deal by removing one card at a time from a
random position until a new one is generated from the aggregate selections.
Shuffling commences with strong industry tested random number generation incorporating
several source entropy streams that are fed into a SHA-1/RC4 generator to ensure resistance
to cryptographic analysis.
While a deck of cards can be shuffled 8.0x1067 ways the resultant XOR entropy stream that we
utilize has 780 random bits to achieve a significant degree of statistical unpredictability.
In order to maintain a continuous supply of randomness we utilize multiple non-algorithmic
entropy sources.
To convert a random bit stream into the required range of values without bias we discard any
out of limit numbers. If we were to necessitate a given random value in the range of 0-63,
and have fifty one (51) cards from which to select, we would proceed in the following manner:
First, elicit a six (6) bit random stream and convert that into a value in the given range of 0-63.
Then, if necessary, we discard every value between 52 and 63 inclusively.
To perform the actual shuffling of a deck we utilize the parameters as provided in
the below operation.
To shuffle a 52-card deck, we select one of the 52 cards and place it as the first card
of a deck to be formed. We then randomly choose one of the remaining 51 cards and place
it into this deck.
For every card in a deck that remains to be shuffled we obtain a random value between 0 and
n - 1, where n is the number of remaining cards to be shuffled in the deck.
We repeat this process for the other 51 cards to determine which is to be dealt next; and
that becomes the 2nd card.
This process continues 51 times until the last remaining card is removed from the old deck and
placed into the newly shuffled one.
Check out the Interactive Help section for
information on all of our cool game features.
If you still have questions, try visiting the
FAQ page or contacting one of our friendly
customer support representatives.