PokerStars Random Number Generator (RNG)

PokerStars submitted extensive information about the PokerStars random number generator (RNG) to two independent organizations. We asked these two trusted resources to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars.

BMM International is an independent testing agency and consulting practice involved with the design, evaluation, implementation, testing and management of computer and Internet systems. The company tests and certifies all forms of conventional and electronic commerce computer systems and networks, specializing in gaming, wagering and sports betting systems.

PokerStars provided BMM with the source code for its RNG and shuffle, and software that PokerStars uses to protect the security of random numbers. BMM then subjected the source code and the output of the RNG to rigorous testing, including the Marsaglia Die Hard tests.

BMM found that:

the PokerStars RNG and shuffle generate results that are truly random and unpredictable
the software used by PokerStars complies with all industry-standard requirements (including entropy sources, security, unpredictability, uniformity and fairness)
the software passed the Marsaglia Die Hard tests

BMM concluded that the PokerStars RNG and shuffle comply with the requirements of the standard "I0101 - Internet Gaming Random Number Generator Requirements."

www.bmm.com.au

Cigital, Inc. is a leading provider of solutions to speed the development and delivery of high-quality software. The company is a major provider of software quality management (SQM) solutions to major corporations worldwide, including Visa International, AOL Time Warner, Motorola, General Electric, Ericsson and many others.

Cigital has announced that it has confirmed the reliability and security of the random number generator (RNG) that PokerStars uses to shuffle cards on its PokerStars.com online poker site.

Cigital analyzed the source code, entropy sources and documentation for PokerStars' RNG implementation. In addition, a sample RNG output stream provided by PokerStars was subjected to - and passed - FIPS 140-1 testing. Using standard methods for exploiting RNGs and having full access to the source code, Cigital was unable to break the PokerStars RNG. Cigital found that the PokerStars implementation adheres to the current state-of-the-practice in generating random seeding values.

"Software that can generate reliable random numbers is an absolute requirement in the gaming industry," said Gary McGraw, Chief Technology Officer at Cigital. "Our analysis included extensive examination of the underlying algorithm for random number generation. We can state with confidence that use of the PokerStars RNG results in statistically random sequences used to generate the poker hands dealt on PokerStars.com. This, in turn, should provide a safe and fair gaming environment for the site's players."

"Cigital's reputation for excellence is well known in the gaming industry," said Dan Goldman, Vice President of Marketing at PokerStars. "Their previous discovery of critical RNG implementation weakness at a major online poker site made our decision to work with Cigital an easy one. Their considerable technical expertise and thorough approach to software reliability and security have established them as a trusted third-party evaluator."

www.cigital.com

Glossary

Entropy: a measure of a system's disorder or randomness.

FIPS 140-1: a U.S. government standard for implementations of cryptographic modules, that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations. FIPS 140-1 specifies security requirements that are to be satisfied by a cryptographic module used within a security system protecting information within computer systems.

Marsaglia Die Hard Tests: a stringent battery of tests for random number generators, developed by George Marsaglia, Professor Emeritus, Florida State University (who also developed a variety of widely-used RNGs).

Random Number Generator (RNG): a system, device or module that creates a sequence of apparently unrelated numbers.