Which random number generator?


#1

There is a separate, rather painful, thread on chances, let’s not talk about that.

What I’m courious about is which number generator are they using

I understand SG might not be in the position of telling us exactly how they do it, but a statement that says:

“We use the [put the name of your favorite “good” Pseudo Random Generators here] PRNG and take the seeds from the Hardware Random number generator Y (/dev/random?). We all monitor the generated numbers with the usual statistical test (chi-square being just one) and they are guaranteed to be ‘random’ at 99.9%”

Would be very reassuring to me.


Just the place for a Snark! I have said it once
#2

#Nofivestarforyou

Thats his name.


#3

eheh, there are mandatory jokes on random numbers:

XKCD:

Dilbert:


#4

Average developers know a lot about random generators and seeds, plus they often have enough time to do research and test it. So I guess you’ll get a reassuring reply soon.

Sure. :wink:


#5

Check this out: https://docs.unity3d.com/ScriptReference/Random.html

On their website they’re looking for developer and there’s Unity mentioned in job description in the first place, so I guess they develop game in it.


#6

It doesn’t matter. Let’s say they replied:

We don’t bother with any sort of PRNG. We just use the first million digits of Pi on a loop.

Would this be unfair in any way? No. Would there be any way for players to game this? No. Is this what they actually do? Probably not - they probably use a decent PRNG. But the details of it are irrelevant.


#7

Well, using the first million of digit of PI might be risky,
if one ever manages to get where they started (say by sniffing the network) they could predict next outcome (destroying randomness).

Also, they generate much more than one millions of random events, we might start noticing patternes.

And you are perfectly right, that’s not how they do it :smile:

Usually the “standard” random number generator in languages or libraries (Unity has been mentioned, but I’m not familiar with its prng) is really poor. They are designed to be fast but not to be statistically “correct” (i.e. they would look “random” to an external observer).

That’s why I’m curious, they are doing something that is not easy to achieve and I’d like to see how they are doing it.


#8

I’ve been told the secret sauce in RNGing in general isn’t in which §RNG they use, but rather in how they seed it.


#9

There are well over a million daily players. (How many is it now? Two or three million? Can anyone update us?) I’m reluctant to speculate how many ‘random’ numbers are required each second even server-side only to support these players: many, I would suggest.

If a devious and dastardly hacker could sniff the network with sufficient skill to identify the ongoing sequence of numbers being generated (a huge ask, I suggest) pinpoint where they occur within the first million digits of Pi and thus predict what the next few ‘random’ numbers would be, to exploit that knowledge they would need to be able to precisely sequence their server requests to coincide with favourable digits.

I’m not saying that’s impossible. I am saying that if a person had the skills to do that then they would probably utilise them in considerably more profitable ways than obtaining Guin and Alby so they can get good at Empires & Puzzles.

I don’t think we need to invest a lot of energy worrying about this.


#10

I was just curious :slight_smile:

I’m perfectly fine with my (almost empty) loots, I know that this is the way “luck” works …


#11

You underestimate the willingness of gamers to waste their skill and potential on uselessly hacking a game like this, rather than improving global climate models, calculating protein folding that would cure cancer or exposing government secrets of unethical conduct, just to name a few. :wink:

More seriously, there is a category of game hackers that have their own toolset of the trade and use it on every high enough profile game, so they can sell the hacks they’ve gotten working. I am saying that if a person had the skills to draw a Guin and Alby at will from the game, they’d sell that to everyone and their uncles rather than just get good at E&P themselves. These hackers care nothing about the games, just about making money off those that would cheat.


#12

Fair point, well made.


#13

I agree and I trust the SG programmers to know about this and take the proper countermeasures.

Would I be them (I’m not so lucky) I would never compromise on security of the RNG.

Say, just for argument, that I discover that RNG are generated on my phone and just the seeds are sent from the server when I connect to the game.

And say that they used the standard RNG within Unity which happens to be (I don’t know, I’m just speculating) a LCG with known constants. Then I could predict the sequence of random number by sniffing the traffic and getting the seeds.

Note that this would be a massive, massive effort of reverse engineering as I should also relate the sequence of (no longer) random number to game events. (just the thought of it makes me feel dizzy)

It’s very complicated and with some care it can be made even more complicated so that (bad) hackers will go elsewhere to find an easier target.

I trust SG programmers, as a fellow programmers I can see how complex this product is. I’m sure they are having their share of troubles in taming the code base, but the foundations seem very solid.

Really, all the criticisms are not deserved. Kudos to those who managed to make this game working!


#14

I find it hard to find solid base for such trust. That’s not me saying I distrust them, rather me saying it’s impossible for me to express actually founded trust in them. For that to happen I’d need actual information, and it’s better if the general audience didn’t have that, I’m sure.

One might argue the fact that I’ve spent money on this game is a token of trust. I guess that’s at least partly true, but that trust is more based on me not experiencing any noticeable lessening of my enjoyment of the game due to hackers/hack users than on actual faith in programmers.

I don’t know of any hacking in regards to the RNG of this game, so I guess that indicates the game’s safe in that respect, at least for now. It’s an arms race. Plug one hole, they drill a new one elsewhere.


#15

For what it’s worth, I think smarter people than me have deduced that tile “random” numbers are generated client-side, while summons and loot “random” numbers are generated server-side. (Please don’t hold me to this - it’s just what I remember.) If you have a dig around old forum posts you can probably find the discussion.


#16


#17

When you talk about security, having a system like this running for more than one year without any major incident is a strong sign. I was talking about RNG but there are a lot of other ways to hack a system like this, if programmers are not careful.

If a real hack existed we would surely know after one year and the hole would have been fixed. Otherwise it would be the end for SG as a company. Nobody would spend any money in a game that allows others to have more than you just by cheating.

I trust the programmers to wanting to keeping this game alive. And from what I can see, they are doing it well.

Maybe, in the future, somebody will find a bug to exploit, but for now I have no reason to complain.


#18

I have read about several hacks out there for this game, just because they are not well published doesn’t mean it isn’t happening,


#19

It sounds reasonable to me, it’s a good way to split between client and server. Imagining to generate all those numbers centrally (and doing in the right way) would be much more demanding (not to mention the resilience to temporary network disconnection).


#20

I’ve read the same. But I haven’t find anyone (not even one) that could show me the effect of such hacks.

Do you have any example? I might stop playing tomorrow if that’s the case.