Every time you sit down at a CardRoom.com table, you can be assured that each hand is being dealt randomly, with fair play and real-life action at the forefront. CardRoom.com’ssoftware and Random Number Generator have been subjected to rigorous third-party verification, and have passed each test with flying colors. We know that you expect a fair shake every time you ante, and our team is committed to providing you with that experience 24/7.

Game Integrity

CardRoom.com is committed to delivering first-rate security and ensuring the integrity of all our players. In this endeavor, we engaged the services of leaders in the industry of software quality management ("SQM") including Cigital, Inc. in November of 2003. In the case of Cigital we provided them full access to both the Random Number Generation ("RNG") source code and shuffling algorithms; as well as our system architecture.

Cigital ran the CardRoom.com software through a battery of analyses including, FIPS 140-1, the U.S. government standard for cryptographic software systems and the Marsaglia Die-Hard tests. CardRoom.com was also subjected to the stringent requirements of the Berlekamp-Massey examination, which many Pseudo Random Number Generators ("PRNG") fail. Please click here for an article on the shortcomings of PRNG.

CardRoom.com met, and exceeded, all the above criteria and Cigital was incapable of ascertaining any statistical weaknesses therein or breaking the RNG.

The Shuffle and Entropy

There is a high degree of importance ascribed to the provision of a solid shuffling algorithm. However, as a prerequisite to the above, it must be "seeded" from an adequately appropriate entropy source. When analyzing cryptographic generators the measure of its "randomness" is often referred to as entropy.

Two critical main ingredients in generating randomness are a large number of bits representing a sizeable seed and a diversified non-predictable entropy pool, both of which are critical in the application of the shuffle. To maximize these requirements, and avoid any of the pitfalls enumerated above, we combine the two (2) below random sources of entropy by XORing (exclusive-OR) them together.

• Various software, hardware and user data, including, but not limited to, items such as process and thread identification, free disk clusters and the hashed user environment block.
• Thermal noise as generated by the decay of proven hardware sources that are shielded from any environmental interference. This external device is governed by the laws of quantum physics, and as a result is non-deterministic.

Random Number Generation

There exists a commonality between random number generation for data security purposes and that of shuffling cards, as the goal in both cases is to produce a stream of values that cannot be predicted using any and all available information. It is quite imperative in the case of random number generation to use a significantly large enough seed to provide for all possible combinations of shuffled decks. Most standard PRNG systems utilize a thirty two (32) bit seed, which would generate 232, or 4,294,967,296 arrangements. Considering that there exists 52!, or 8.0x1067 ways to shuffle a deck of cards, the utilization of the above PRNG would only produce 5.0x10-57% of the potential distributions from such an exercise.

Our servers use multiple random number sources as the basis for card shuffling. Each table is given a deck, which we shuffle before each deal by removing one card at a time from a random position until a new one is generated from the aggregate selections.

• Shuffling commences with strong industry tested random number generation incorporating several source entropy streams that are fed into a SHA-1/RC4 generator to ensure resistance to cryptographic analysis.
• While a deck of cards can be shuffled 8.0x1067 ways the resultant XOR entropy stream that we utilize has 780 random bits to achieve a significant degree of statistical unpredictability.
• In order to maintain a continuous supply of randomness we utilize multiple non-algorithmic entropy sources.
• To convert a random bit stream into the required range of values without bias we discard any out of limit numbers. If we were to necessitate a given random value in the range of 0-63, and have fifty one (51) cards from which to select, we would proceed in the following manner:
• First, elicit a six (6) bit random stream and convert that into a value in the given range of 0-63.
• Then, if necessary, we discard every value between 52 and 63 inclusively.

• To perform the actual shuffling of a deck we utilize the parameters as provided in the below operation.
• To shuffle a 52-card deck, we select one of the 52 cards and place it as the first card of a deck to be formed. We then randomly choose one of the remaining 51 cards and place it into this deck.
• For every card in a deck that remains to be shuffled we obtain a random value between 0 and n - 1, where n is the number of remaining cards to be shuffled in the deck.
• We repeat this process for the other 51 cards to determine which is to be dealt next; and that becomes the 2nd card.
• This process continues 51 times until the last remaining card is removed from the old deck and placed into the newly shuffled one.