Security

Hexzard implements a set of robust security practices to guarantee the integrity and security of the games. The following key security measures are in place:

Signature Verification

To prevent unauthorized access to requests and tampering with them, a signature mechanism is employed. A unique signature is generated based on the request payload, timestamp, and a secret key. The signature is then validated against the received signature to ensure the authenticity of the request. This validation process prevents unauthorized modifications and protects against spoofing attacks.

Seeding

The Hexzard platform incorporates three essential seeds to enhance the randomness and fairness of the game:

  1. Player Seed: The player seed (also called the client seed) is provided by the player and acts as their personal input into the randomization process. By allowing players to contribute their unique seeds, Hexzard ensures transparency and enables players to have an active role in determining the game outcome.

  2. Operator Seed: The operator seed is generated by the operator just before the final outcome is generated and serves as an additional source of randomness. It provides an extra layer of fairness and prevents any potential bias that may arise from relying solely on the client seed. The operator seed becomes public after each bet, so a unique seed is required for each bet.

  3. Server Seed: The server seed is the final component of the randomization process. It is generated and maintained by the Hexzard platform in a secure manner. By combining the client seed, operator seed, and server (Hexzard) seed, the game outcome is determined. The utilization of a server seed ensures that the game result cannot be manipulated or predicted by any party involved.

The combination of these three seeds guarantees a highly secure and unbiased gaming experience. Hexzard's approach to incorporating client, operator, and server seeds maintains the integrity and fairness of the game, providing players and casino operators with confidence in the randomization process.

Request Validation

All incoming requests undergo thorough validation to ensure the presence of all required parameters and adherence to the correct format. Any missing parameters or invalid requests are handled appropriately, preventing potential vulnerabilities and ensuring the stability and security of the games.

Replay Attack Prevention

Hexzard incorporates a time-based validation mechanism to safeguard against replay attacks. The timestamp of each request is checked against the current time. If the time difference exceeds a predefined threshold (e.g., 5 minutes), the request is considered invalid. This preventative measure rejects outdated requests and prevents replay attacks.

Timing Attack Prevention

To mitigate the risk of timing-based attacks, Hexzard employs the tsscmp library for secure signature comparison. This library provides a constant time comparison function, minimizing the possibility of timing side-channel attacks that exploit differences in execution time based on the comparison result.
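
The signature, timestamp-window and constant-time checks described above, combined in one verifier as an added example (not Hexzard's own code). The page does not give the signature construction, so HMAC-SHA256 over `<timestamp>.<payload>`, the field names and the reason strings are assumptions, and Node's built-in `crypto.timingSafeEqual` stands in for tsscmp so the block runs without dependencies.

```javascript
// Added example, not Hexzard code.
// Assumed scheme: hex HMAC-SHA256 over "<timestamp>.<payload>".
const { createHmac, timingSafeEqual } = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // the 5-minute example threshold from the text

// Hypothetical signing helper; used by the sender and by the verifier.
function sign(secret, timestamp, payload) {
  return createHmac('sha256', secret)
    .update(`${timestamp}.${payload}`)
    .digest('hex');
}

// Constant-time equality on the hex strings' bytes.
function macEquals(expectedHex, receivedHex) {
  const expected = Buffer.from(expectedHex, 'utf8');
  const received = Buffer.from(receivedHex, 'utf8');
  // timingSafeEqual throws on unequal lengths; a MAC's length is not secret.
  return expected.length === received.length && timingSafeEqual(expected, received);
}

function verifyRequest(req, secret, now = Date.now()) {
  // 1. Request validation: required fields present and correctly typed.
  if (!req || typeof req.payload !== 'string' ||
      !Number.isSafeInteger(req.timestamp) ||
      typeof req.signature !== 'string') {
    return { ok: false, reason: 'malformed' };
  }
  // 2. Replay window: reject timestamps too far from the current time.
  if (Math.abs(now - req.timestamp) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale_timestamp' };
  }
  // 3. Signature: recompute over the received fields, compare in constant time.
  // The timestamp is inside the MAC, so it cannot be refreshed without the key.
  if (!macEquals(sign(secret, req.timestamp, req.payload), req.signature)) {
    return { ok: false, reason: 'bad_signature' };
  }
  return { ok: true, reason: null };
}
```

A request repeated unchanged inside the time window still passes these checks; the window bounds how long a captured request stays valid.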

These security practices collectively ensure the authenticity, integrity, and fairness of the dice game implementation. By implementing strong signature verification, utilizing secure random seeds, validating incoming requests, and protecting against replay and timing attacks, Hexzard maintains a high level of security and delivers a trustworthy gaming experience for both casino owners and players, regardless of the programming language or technology used.

