csharptwdec19 | 4 years ago

Fun fact: actual gambling machines are also audited on the reg.

A college friend works for my state's gaming commission. During a 'drinking talk' about digital signatures, she told me an interesting part of her job: not just going through the slot machines and validating the payout settings, but also checking the EEPROM's MD5 hash* to make sure that it was in a list of 'approved' code hashes.

* - This was 15 years ago, I -really- hope they use something better nowadays.

kbenson|4 years ago

Yeah, I've heard as much before. That's one of the things that makes this worse: these cabinets are (were?) a loophole that allows fleecing people without oversight. It's not like gambling is in your favor when you do it at a casino, but you can usually trust that the state has kept it from being egregiously unfair.

> checking the EEPROM's MD5 hash* to make sure that it was in a list of 'approved' code hashes.

> This was 15 years ago, I -really- hope they use something better nowadays.

I dunno. If the hash is generated and displayed by the hardware on a separate LCD display (or a serial you attach) and maybe a bit of non-flashable code, that seems pretty good to me, especially that it's regularly spot checked in person. Something like that is far harder to fake and fool real people with successfully for an extended period, IMO.

josephcsible|4 years ago

"something better" was referring to the MD5 algorithm in particular. It'd be really easy today to make a fair firmware and a rigged firmware with identical MD5 hashes.
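
Added illustration of the approved-hash check discussed in this thread (not part of any comment, and not any gaming commission's actual tooling): a Python sketch that checks a firmware dump against an approved list and reports an MD5-only match separately, because MD5 is not collision resistant. The list format, the byte strings and every name here are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins for EEPROM dumps (not real firmware).
APPROVED_IMAGE = b"\x7fFW" + b"payout-table-v1" * 64
UNKNOWN_IMAGE = b"\x7fFW" + b"payout-table-v2" * 64

WEAK_ALGORITHMS = {"md5", "sha1"}  # practical collisions exist for both


def digest(image: bytes, algorithm: str) -> str:
    return hashlib.new(algorithm, image).hexdigest()


def parse_approved_list(text: str) -> list[tuple[str, str, str]]:
    """Parse lines of the hypothetical form '<algorithm>:<hex digest> <label>'."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tagged, _, label = line.partition(" ")
        algorithm, _, hex_digest = tagged.partition(":")
        entries.append((algorithm.lower(), hex_digest.lower(), label.strip()))
    return entries


def audit(image: bytes, entries) -> str:
    """Return 'approved', 'weak-match-only' or 'not-approved' for one dump."""
    verdict = "not-approved"
    for algorithm, expected, _label in entries:
        if not hmac.compare_digest(digest(image, algorithm), expected):
            continue
        if algorithm not in WEAK_ALGORITHMS:
            return "approved"  # matched under a collision-resistant hash
        verdict = "weak-match-only"  # an MD5 match alone does not pin the image
    return verdict


# Constructed approved list: one legacy MD5 entry, one SHA-256 entry.
SAMPLE_LIST = "\n".join([
    "# constructed approved list",
    f"md5:{digest(APPROVED_IMAGE, 'md5')} cabinet-A legacy entry",
    f"sha256:{digest(APPROVED_IMAGE, 'sha256')} cabinet-A",
])
```
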