Sign in Subscribe
Provably Fair

Why "Provably Fair" Does Not Mean Fair - And Why You Need an Independent Audit

Hash verification proves integrity, not fairness. A casino can pass every provably fair check and still rig every roll. Here is exactly how - and what actually protects you.

6 min read
Why "Provably Fair" Does Not Mean Fair - And Why You Need an Independent Audit

The Uncomfortable Truth About Provably Fair

I've spent 23 years watching casinos from the inside. Croupier, floor supervisor, pit boss - I've seen every trick in the book. And when crypto casinos started slapping "Provably Fair" badges on their sites, I thought: finally, math you can check.

I was wrong. Not about the math. The math is real. But "provably fair" has a hole in it big enough to drive a truck through - and most players don't even know it's there.

Let me show you.

What Provably Fair Actually Proves

Here's the standard pitch every crypto casino gives you:

  1. Before your bet, the casino commits to a server seed by publishing its SHA-256 hash.
  2. You provide your client seed.
  3. The two seeds combine to generate the outcome (HMAC-SHA256 or SHA-512, depending on the casino).
  4. After the round, the casino reveals the server seed. You hash it yourself - if it matches the pre-committed hash, the game was "fair."

Sounds bulletproof, right?

It proves exactly one thing: the server seed wasn't changed after your bet.

That's it. That's the whole guarantee. Integrity - not fairness.

The Timing Attack: How a Casino Can Rig Every Roll and Still Pass Verification

Here's what the "provably fair" badge doesn't protect you from.

Security researcher monk-afk published a working proof of concept demonstrating exactly how this exploit works. It's open source. Anyone can read it. And it's devastating.

The attack works like this:

Step 1: The Casino Waits

You submit your client seed and your bet. Standard procedure. Nothing unusual.

Step 2: The Casino Now Knows Your Seed

Between receiving your client seed and delivering the result, there's a window. Milliseconds. But milliseconds is all a server needs.

Step 3: The Brute Force

The server takes your client seed and starts cycling through potential server seeds. SHA-256 is fast - a modern server can compute millions of hashes per second. For each candidate seed, it calculates what the roll outcome would be.

In the proof of concept, the server finds a losing seed in under 200 attempts. That's microseconds of compute time.

Step 4: Commit and Reveal

The server picks the seed that produces a loss, commits to it, and presents it to you. The hash matches. The verification passes. You lost - and the math says everything was fine.

Because it was. The seed wasn't tampered with after generation. The hash is valid. The HMAC checks out.

The casino just chose which seed to use after seeing your cards.

Why Hash Verification Can't Catch This

Think about it this way. I hand you a sealed envelope and say "the result is inside." You make your bet. I open the envelope - sure enough, the result is there, and you lost.

What you can verify: the envelope was sealed. The result matches what I committed to.

What you can't verify: when I sealed it. Did I seal it before or after you told me your bet? Hash verification has no answer for that question.

This is the fundamental gap. HMAC validation confirms integrity - it confirms the seed wasn't altered after the fact. It says absolutely nothing about why or how the casino picked that seed in the first place.

Which Casinos Are Vulnerable?

Any casino where the server commits to its seed after receiving your client seed for that round. That's a lot of them.

The proof of concept specifically targets systems like those used by freebitco.in and duckdice.io, but the vulnerability is structural - it applies to any provably fair implementation where seed commitment timing isn't cryptographically enforced.

Crash games with public hash chains (like Bustabit's model) are partially protected because the entire chain is pre-committed. But per-user seed systems? Wide open - unless the casino proves the timing of seed generation independently.

What Actually Protects You

Two things. Only two things.

1. Cryptographic Timing Proof

The server must commit to the seed for round N+1 before it knows your client seed for round N. Not after. Not simultaneously. Before. And this commitment needs to be independently verifiable - not just a hash the casino publishes on its own site.

2. Independent Statistical Auditing

This is where it gets real. Even if seed commitment is honest, you still need someone to check the outcomes. Not the hashes - the actual results.

  • Do the roll distributions match expected probability? Over thousands of bets, dice results should be uniform.
  • Are there patterns in winning and losing streaks that deviate from random chance?
  • Does the house edge in practice match the advertised edge?
  • Do outcomes pass NIST SP 800-22 randomness tests?
  • What does PractRand say when you feed it a hundred thousand outcomes converted to a binary stream?

A casino can rig the seed selection and still pass hash verification. It cannot rig the seed selection and pass a proper statistical audit - because the outcomes will betray it. Math doesn't lie. Not over large sample sizes.

The "Just Rotate Your Client Seed" Advice

You'll hear this a lot: "Just change your client seed after every bet."

In theory, yes - if you rotate your client seed after every single roll, the server has no time to pre-compute a losing seed for the next round.

In practice? Nobody does this. The proof of concept notes that "users almost never change their client seed during an active session." The casinos know this. They're counting on it.

And even if you do rotate - you're putting the burden of fairness on the player. That's backwards. You wouldn't accept a brick-and-mortar casino telling you "the roulette wheel is fair, but only if you personally check the bearing alignment before every spin."

What We Do Differently

At FairPlay Audit, we don't just verify hashes. Anyone with a SHA-256 calculator can do that.

We run the numbers. Real statistical analysis on real bet data:

  • NIST SP 800-22 - the U.S. government's standard battery of randomness tests. Frequency analysis, runs tests, serial correlation, entropy estimation.
  • PractRand - the gold standard for detecting subtle non-randomness that NIST misses. Originally built to test random number generators, we adapted it for casino outcome streams.
  • Distribution analysis - chi-squared goodness of fit, Kolmogorov-Smirnov tests, autocorrelation checks.
  • House edge verification - does the actual player loss rate match the advertised edge, or is someone skimming?

A casino that rigs seed selection will pass hash verification. It will not pass our audit. The statistical fingerprint of manipulated outcomes is detectable - and we publish everything, including raw data and methodology, so you can check our work too.

The Bottom Line

Provably fair is better than nothing. It's a real step forward from the black-box RNG systems of traditional online casinos. I'll give it that.

But it's not enough. It was never enough. It proves the casino played by its own rules - not that the rules were fair to begin with.

The next time a casino waves its "provably fair" badge at you, ask yourself one question: who verified the verifier?

If the answer is "nobody" - you're trusting, not verifying.

Want to see how a real audit works? Check out our verification tools or read our published methodology. Every test we run, every dataset we use, every conclusion we reach - it's all public. Because that's what "provably fair" should actually mean.

For real-world evidence, see our independent audit of Stake's 1,200+ provably fair games - where the RNG passed every statistical test, but the business practices told a different story.

Next Step

Verify Your Casino Bets Yourself

Our step-by-step guide walks you through the exact verification process. No tools needed, no trust required. If the casino is honest, the math will prove it.

How to Verify Provably Fair Games →

Sources & Further Reading:

Wondering why some casinos resist this kind of testing? We've documented the seven most common excuses casinos give to avoid independent audits - and dismantled each one.

Sign up for more like this.

Enter your email
Subscribe