PokerStars Random Number Generator (RNG)
PokerStars submitted extensive information about the PokerStars random number generator (RNG) to an independent organization. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars. Information about the results can be seen below.
Cigital, the largest consulting firm specializing in software security and quality, has confirmed the reliability and security of the random number generator (RNG) that PokerStars uses to shuffle cards on its online poker site, showing the solution meets or exceeds best practices in generating unpredictable and statistically random values for dealing cards.
“Truly random numbers are the heart of fair online gaming,” said Paco Hope, Manager of Cigital’s Gaming Services. “Our assessment looked at the entire solution, including the hardware and the software, and confirmed that the output of the RNG is cryptographically random and truly unpredictable.” Given the results of this examination Cigital believes that online players should have full confidence that each hand is randomly dealt and the cards being dealt cannot be predicted in advance.
Cigital analyzed the source code, entropy sources and documentation for PokerStars' RNG implementation. In addition, a sample RNG output stream provided by PokerStars was subjected to—and passed—FIPS 140-2 style testing. Using standard methods for exploiting RNGs and having full access to the source code, Cigital found no weaknesses in the PokerStars RNG, concluding that the implementation adheres to the current state-of-the-practice in generating random seed values.
"Cigital's reputation for excellence is well known in the gaming industry," said a PokerStars spokesperson. "Their previous discovery of critical RNG implementation weakness at a major online poker site made our decision to work with Cigital an easy one. Their considerable technical expertise and thorough approach to software reliability and security have established them as a trusted third-party evaluator."
"Building software that can properly generate reliable random numbers is non-trivial, but it is an absolute requirement in the gaming industry," said Dr. Gary McGraw, Chief Technology Officer at Cigital and author of the book Exploiting Online Games. "We are pleased to provide extensive expert analysis of the PokerStars random number generator and act as a trusted advisor. Our analysis shows conclusively that the PokerStars RNG used to generate the poker hands dealt on PokerStars makes proper use of statistically random sequences. A safe and fair gaming environment is an important part of any online gaming experience, and PokerStars meets those criteria."
Cigital, Inc. is the leading software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Their recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit www.cigital.com.
See the Certification of Security for Random Number Generator to find out more.
Entropy: a measure of a system's disorder or randomness.
FIPS 140-2: a U.S. government standard for implementations of cryptographic modules, that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations. FIPS 140-2 specifies security requirements that are to be satisfied by a cryptographic module used within a security system protecting information within computer systems.
Random Number Generator (RNG): a system, device or module that creates a sequence of apparently unrelated numbers.