Slot machine cheat
From Wired Magazine
Our summary of the article:
- This is a classic example of a casino relying on “secrets” during random number generation (secrets = privileged information that is available only to one or more parties). Although the gambling machines were “built to and approved against rigid regulatory technical standards”, they could be attacked if the secrets were exposed.
- The vulnerability of the software installed on these machines was discovered by a criminal organization. The interesting twist in the story is that the attack was executed by outsiders who learned about the internal workings of the RNG: they did not need to change any system internals to break into the RNG!
Some lessons from the article:
- One cannot rely on the secrecy of software and secret information.
- Incentives to break into casino and lottery systems are high! There are always people that try to figure out how to beat the system. Sooner or later somebody will succeed.
- Such an attack will usually not leave any traces.
- Random number generation should be secure even if an adversary knows the algorithms and can learn about the internal state of the machine – i.e. even then random numbers should be unpredictable.
At Szrek, we do not have any secrets that could be exposed that would make our RNG vulnerable. We have always used publicly available algorithms. There is no information on our system that would enable anyone to predict random outcomes.
Instead of relying on secrets, we augment protective security with a cryptographic solution (that uses standard cryptographic algorithms) that protects the RNG from the inside.