Laura Diane Hamilton

Technical Product Manager at Groupon


When Random Isn't Random Enough: Lessons from an Online Poker Exploit

Today I am going to retell a story from 1999, a story in which developers of a popular online poker platform implemented card-shuffling software with a handle of subtle but critical bugs.

Image credit: David Wells on Flickr

Although this story is 15 years old, the lessons it holds for algorithm developers are still relevant.

It's far to easy to introduce subtle bugs into random number generators and algorithms, and those bugs can have disastrous results.

In online poker—as in real poker—the game starts with the shuffle. It's important to ensure that the shuffle is randomly distributed.

There are 52 distinct cards in a fair deck; there are 52! distinct possible shuffles. Or 8.0658x1067. Which is a big number.

In 1999, ASF Software, Inc. provided the software behind many of the popular online poker platforms of the era. They published their shuffling algorithm.

Here it is. Take a look and see if you can spot a flaw.

procedure TDeck.Shuffle; var ctr: Byte; tmp: Byte; random_number: Byte; begin { Fill the deck with unique cards } for ctr := 1 to 52 do Card[ctr] := ctr; { Generate a new seed based on the system clock } randomize; { Randomly rearrange each card } for ctr := 1 to 52 do begin random_number := random(51)+1; tmp := card[random_number]; card[random_number] := card[ctr]; card[ctr] := tmp; end; CurrentCard := 1; JustShuffled := True; end;

Flaw #1: An Off-by-One Error

The algorithm above tries to iterate over each card in the deck, swapping each card with another randomly chosen card in the deck. However—every programmer has made this mistake before—there's an off-by-one error. The function random(n) returns a number between 0 and (n-1), not between 1 and n as the programmer intends. As a result, the algorithm will never swap the 52nd card with itself; the 52nd card can never end up in the 52nd place. So that is the first reason the "random" card shuffling isn't really random.

Flaw #2: The Shuffle Isn't Uniform

The flawed algorithm above swaps the ith card with a random card selected from the entire deck—all 52 cards. A proper shuffling algorithm will swap the ith card only with a card in the interval (i, n). That is, it considers each element for a random swap only once. There are n! unique shuffles, and the proper shuffling algorithm generates each shuffled deck only once. The original bad implementation makes certain decks significantly more likely than others.

Flaw #3: Using a 32-bit Seed

If your business or technology depends on using random numbers, your best bet is to use a hardware random number generator. ASF didn't do that. They used a deterministic machine with a software pseudo-random number generator. Worse, they used a 32-bit seed. Because the output of the pseudo-random number generator is 100% determined by the seed, there are only N^32 possible seed values—meaning only N^32 possible shuffles. That's only about 4 billion possible shuffles, out of a total of 8.0658x1067 theoretical possible shuffles.

Flaw #4: Using the System Clock as a Seed

The flawed algorithm used the Pascal function Randomize(), which chooses the seed based on the number of milliseconds since midnight. But there are only 86,400,000 milliseconds in the day—which means that there are only 86,400,000 possible shuffles that the flawed algorithm could produce.

But it gets worse. Because the random number generator seed is based on the server time clock, hackers synchronized their program with the server clock and were able to reduce the number of possible shuffles to only 200,000. At that point, once the hacker knew 5 cards in the shuffle, he could quickly search through the 200,000 possible shuffles in realtime and find the exact one in his game. So once the hacker knew the 2 cards in his hand and the 3 cards in the flop, his program could tell him which cards would come on the turn and the river, as well as which cards every other player held.

Some final words of wisdom from Robert Sedgewick, author of Algorithms:

"That's a pretty tough thing to have happen if you're implementing online poker. You might want to make sure that if you're advertising that you're doing a random shuffle that you go ahead and do so."—Robert Sedgewick, Professor of Computer Science, Princeton is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to