At Roll4 we love talking about technology! You’ve already seen how to use spreadsheets to make Better Roll Tables, but now we have our eyes set on another subject. A burning question: Are dice rolling apps random enough?

Over the past 10 years, we’ve seen a rise in D&D and Tabletop RPG dice rolling apps. Be it mobile apps, virtual tabletops (Henceforth called VTT), or a sweet random D20 rolling sword @diceweaponry, dice rollers are everywhere now! So first we went out to hear from you first!

Defining Randomness for Tabletop RPG’s

There are different uses and needs for random number generators used by computers. They can be used by Video Games, User Giveaways, or even the Lottery. Each of these uses has its own needs in terms of randomness, and dice rollers are no different. Dice rollers are used by groups of friends, or like minded people coming together to share a game, so the needs are much more relaxed than something that holds monetary, or competitive value. For this reason, we can determine the needs for a dice roller to be:

  1. The results must not follow any discernible pattern that makes it possible to reliably predict the outcome of any given roll.
  2. It must give consistently distribute the results of rolls randomly, not favoring any outcome.

Pseudo-Random vs True Random

For the purposes of this article, we are going to take a look at an example for one specific programming language, Javascript. In Javascript, Math.random() is a commonly used form of number generation, however this function isn’t truly random. Most computer Random Number Generators are not truly random, but instead are algorithms with repeatable patterns. These are called Pseudo-Random Number Generators, or PRNG for short. And yes, you read that first part right:  the numbers that a PRNG generates will eventually repeat themselves.

“Wait!” I can feel you thinking, “doesn’t that break the first rule?” Actually, it doesn’t. All it needs to accomplish is to not have a pattern that can be predicted by humans. According to the v8 development blog, weak implementations of Math.random() could have a pattern that “could be less than 40 million”. Since the v8 blog post is actually a bit outdated and behind the times for 2019, I think we can consider anything under 40 million “broken” at this point. So this is our bare minimum; a pattern of 40 million. No human could conceivably break this algorithm on their own.

Inconceivable.jpg
Figuring that out by hand…

Technologies used and Hackability

Now, Math.random() is a bit interesting, in that the randomness decided based on the Javascript Engine being used, and that’s dependent on your browser. For example, Chrome uses the v8 Engine, Firefox uses SpiderMonkey, and Safari uses WebKit. Each one of these implement their own version of the xorshift128+ algorithm. However, this is actually beyond the scope of this article, but for those interested you can read more from this hackernoon article. (Or you can dig even deeper if you’re brave enough.)

So, Math.random() can’t be found out by human means alone, but can it be hacked? Well, yes, they can, but in terms of a Virtual Tabletop that uses this methodology, this person would only be able to determine their own rolls, not others. Although, to do this takes a fair bit of research and know-how to be able to crack it. 

However, in my opinion, if you are worried about hackability as an option in your game, your group has a larger problem on hand. You should be able to trust that your fellow group won’t try to determine the outcome before their roll. Because, well, it’s cheating, plain and simple.

Becoming more Secure

Okay, so let’s say you are worried about hackability, are there any other options? Absolutely, someone can harden their algorithm to hackers by using a Cryptographic PRNG. This is a PRNG that is more secure against hackers. This means that it still has a repeating pattern, but that pattern is obscured making hacking much more difficult. (This goes way beyond the scope of this article though.

Well, let’s take another approach. Are there any truly random services out their that could be used for dice rollers? Absolutely! Random.org is a website that uses an algorithm based off of atmospheric noise to create genuinely random numbers! There is no repeating pattern involved in this method since it uses an external factor as part of it’s randomizing process! However, for app developers, there are downsides to this as well, including cost, speed, and an internet connection.

In Defense of Math.random()

So, that all sounds bad! It can be hacked by someone that knows what they’re doing, it isn’t truly random, and there are alternatives out there! OK, I hear you. However, I think we can safely say that Math.random() itself covers the minimum possible randomness that would be used for dice rolling apps. If all modern implementations use an algorithm that aims for a baseline pattern of 40 million before repeating, then no person could realistically break the pattern without cheating. For example, if someone were to be able to memorize 1 value a second, non-stop it would still take them almost 463 days!

463 Days!
That’s without bathroom breaks!

Testing the Rules

OK, fine. People can’t hack it by hand. But can they predict the results? You tell us! Instead of creating a theoretical scenario, or running our own tests, we wanted you to be able to experience it first hand. This rolls 10 d20’s in a row using Math.random(). You can predict the one rolled, then click roll to test your clairvoyance!

You are able to interact with the widget below!

Which was your best run? (Let us know in the comments!) Now, let’s test the distribution of the numbers by testing the second rule! In the fields below, you can enter the Amount of, and type of dice. Click The Roll It button to roll all them dice! Below, you’ll see a graph on the side based on the number of times each amount came up. Why not start out with 10d6. Maybe 100d6. Then step up your game! Go for that 40,000,000d6! (But beware of too high of numbers, I noticed my browser start slowing down once I entered 50 million)

Now, keep an eye on the scale on the left-hand side of the graph as you roll so you can be sure that you’re comparing the chart’s fairly. This is enough talking, go try it! 

You are able to interact with the widget below!

Your Thoughts!

Wow, this was a bit more in-depth than what we initially thought! Has this article changed your mind on dice rolling apps? If so, is it worse or better now? Let us know in the comments below!

Liked it? Take a second to support Steve Rakner on Patreon!
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *