I am wondering how this is even possible. It seems the period of the PRNG must be very long and/or the rate at which it increments must be very slow in order for someone to time a press of the spin button. I would think that with processor clock speeds in the GHz range (or even 100s of MHz), it should be possible for the PRNG to cycle through all the possible outcomes in a second or so, making it seemingly impossible to time the pressing of the spin button. I must be missing something in the way PRNGs work in slots; can anyone enlighten me?
A) The slot machine's PRNG algorithm was using a weak source of entropy as a seed, which made the values predictable in some way
B) The PRNG algorithm was not great or had a bug where the results had some sort of bias, or would repeat after a certain amount of time
C) The hacker was able to get malicious code into the machine somewhere along the line
D) The machine was using a hardware RNG, which can fail silently and produce predictable results
Here's an explanation I wrote in another thread about how PRNG seeding works:
Computers aren't physically capable of generating randomness because they are deterministic, meaning any program they execute takes an input and produce a completely predictable output with no variation or error.
Hardware based random number generators, attempt to capture some sort of physical noise as a source of entropy. Software based number generators attempt to simulate that chaotic randomness, since they are physically bound to the deterministic nature of computers, thus why they are considered pseudo-random. What these algorithms do is extrapolate a series of pseudo-random values from a fixed input, which is called the seed.
Seed values can range from things like system time in milliseconds (not a great source of randomness), to a combination of high accuracy system values/counters.
For example, Microsoft's cryptographic secure RNG seeds itself with the following parameters:
- The current process ID
- The current thread ID
- The tick count since boot time
- The current time
- Various high-precision performance counters
- An MD4 hash of the user's environment block, which includes username, computer name, and search path
- High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC
The best physical analogy of a psuedo-random number generator I can think of is a double pendulum.
Look at this short video:
A double pendulum is a chaotic system that is extremely sensitive to an initial state (e.g. the seed state), and the seemingly random motion is very hard to predict/calculate, even though the system still functions within the bounds of physics (e.g. determinism in the case of algorithms).
It seems the period of the PRNG must be very long and/or the rate at which it increments must be very slow in order for someone to time a press of the spin button. I would think that with processor clock speeds in the GHz range (or even 100s of MHz), it should be possible for the PRNG to cycle through all the possible outcomes in a second or so, making it seemingly impossible to time the pressing of the spin button.
Some people - mainly musicians, apparently - have demonstrated the ability to time a periodic event (e.g. a light that blinks once every second) to within 1/10,000 of a second. Even with a 1 GHz PRNG, someone who knows the period of the jackpot number, assuming it is regular, and can time it to 1/10,000 of a second can reduce the number of "random" numbers to a set of 200,001, since a 1 GHz PRNG will generate 100,000 numbers in 1/10,000 of a second. That doesn't sound like much, but if the jackpot pays more than 200,000-1, then it is an advantage play.
This method works much better when the number of possibilities is small, such as E-roulette or E-craps; in 1/10,000 of a second at 1 GHz, each of the 36 possible rolls of a pair of dice, or each possible number on a roulette wheel. occurs over 2700 times. Even at 10 MHz, each occurs around 27-28 times.
Nowadays, however, it seems you wouldn't even need a PRNG provided it cycled thru the sequence of outcomes fast enough. A simple counter could suffice, I would think (not factoring in the abilities of some musicians :)