What is Provably Fair Poker?
How SHA-256 Proves Every Hand is Legit
Go to any poker forum, any app store review, any Reddit thread about online poker. You will find the same complaint repeated thousands of times: "It's rigged." This is the single biggest trust problem in online poker, and until recently, platforms could only respond with "trust us." Provably fair changes that.
The "Is It Rigged?" Problem
Every online poker platform uses a Random Number Generator (RNG) to shuffle and deal cards. Players have no way to inspect that RNG. When they lose a bad beat — when their pocket aces get cracked by 7-2 offsuit — they wonder: was that actually random, or did the platform manipulate the outcome?
Traditional platforms respond by pointing to third-party RNG audits. Companies like Gaming Labs International (GLI) or eCOGRA test the RNG and certify that it produces statistically random results. But these audits happen periodically, not on every hand. And the audit reports are technical documents that most players never read.
The result: players just have to trust the platform. And trust has been broken before. The 2007 Absolute Poker scandal proved that insiders could see hole cards. The 2008 UltimateBet superuser scandal showed the same thing. These were real-money platforms with RNG certifications. Trust is not enough.
What "Provably Fair" Actually Means
Provably fair is a system where the platform commits to the outcome before it happens, and then lets you verify that commitment after the hand. It is a cryptographic guarantee, not a promise.
The concept comes from cryptocurrency casinos, which needed a way to prove fairness without relying on traditional gaming regulators. The core idea is simple:
- 1.Before the hand, the platform creates a hash of the deck order and shows it to you.
- 2.You cannot reverse the hash to know what cards are coming (the hash is one-way).
- 3.After the hand, the platform reveals the seed that generated the deck.
- 4.You hash the seed yourself and check that it matches the hash from step 1.
If the hashes match, the deck was determined before the hand started and was not changed mid-hand. The platform could not have manipulated the outcome because the outcome was locked in before any cards were dealt.
How SHA-256 Hashing Works (Simple Version)
SHA-256 is a cryptographic hash function. It takes any input — a word, a sentence, the entire works of Shakespeare — and produces a fixed-length 64-character hexadecimal string. Three properties make it useful for provably fair systems:
Deterministic
The same input always produces the same output. "hello" will always hash to the same 64-character string, every time, on every computer.
One-Way
You cannot reverse the hash to find the original input. Given a hash, there is no mathematical way to determine what produced it (other than trying every possible input).
Avalanche Effect
Changing even one character of the input completely changes the output. "hello" and "hellp" produce completely different hashes. This means you cannot guess nearby inputs from a hash.
Here is a concrete example:
Completely different outputs from nearly identical inputs. This is what makes the system work — the platform cannot fiddle with the seed to change the outcome without producing a completely different hash that would not match the commitment.
The 4-Step Provably Fair Process
Here is how provably fair poker works on PlasmaPoker, step by step:
Server Generates a Seed
Before the hand begins, the server generates a cryptographically secure random seed. This seed, combined with the client seed, determines the exact deck order (using CSPRNG Fisher-Yates shuffle). The server hashes this seed using SHA-256 and sends the hash to the client.
Client Provides a Seed
The client (your PlasmaPoker app) contributes its own random seed. This prevents the server from precomputing outcomes. The combined server seed + client seed determines the final shuffle. Neither side can predict or control the outcome alone.
The Hand Plays Out
Cards are dealt according to the predetermined shuffle. The server cannot change the deck order because it already committed to the hash. Any change to the seed would produce a different hash that would not match the commitment shown before the hand.
Verification
After the hand, the server reveals the original seed. You can now hash it yourself (using any SHA-256 tool) and verify that it matches the hash from step 1. If it matches, the deck was locked in before the hand and was not tampered with.
How to Verify a Hand Yourself
In PlasmaPoker, every hand history includes three pieces of data:
To verify:
- Copy the server seed from your hand history.
- Go to any SHA-256 hash generator (there are dozens of free ones online, or use your terminal:
echo -n "seed" | sha256sum). - Paste the server seed and generate the hash.
- Compare it to the pre-committed hash in your hand history.
- If they match, the hand was dealt fairly. The deck order was locked before you saw your cards.
You do not need to trust PlasmaPoker. You do not need to trust a third-party auditor. You can verify it yourself, with math.
Why Other Poker Sites Cannot Do This
Most online poker platforms were built years or decades ago on architectures that do not support provably fair dealing. Adding it would require:
- •Re-architecting the dealing engine to commit hashes before each hand and store seeds per-hand.
- •Client-side seed contribution requires protocol changes between client and server.
- •Hand history format changes to include seeds and hashes.
- •Verification UI so players can actually check hands.
For platforms like PokerStars, GGPoker, or Global Poker, this is a massive engineering project with no direct revenue impact. They rely on periodic RNG audits and regulatory compliance instead. It works legally, but it does not answer the player's fundamental question: "Was this specific hand dealt fairly?"
PlasmaPoker was built from scratch with provably fair as a core architectural requirement, not an afterthought. The CSPRNG shuffle, hash commitment, and verification pipeline are built into the dealing engine at the deepest level.
PlasmaPoker's Provably Fair System
Here is the technical architecture:
CSPRNG Fisher-Yates Shuffle
Every deck shuffle uses a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). This is the gold standard for randomness — it is the same type of RNG used in cryptographic key generation and military applications. The Fisher-Yates algorithm ensures a perfectly uniform distribution across all 52! possible deck orderings.
SHA-256 Audit Hash Per Hand
Every single hand gets its own audit hash. Not a batch hash, not a session hash — every individual hand. The hash is committed before cards are dealt and revealed after the hand completes. This creates an immutable audit trail for every hand ever played on the platform.
Server + Client Seed Architecture
Both the server and client contribute entropy to the shuffle. This dual-seed system prevents either side from predetermining the outcome. Even if the server wanted to manipulate a hand, the client seed makes the final shuffle unpredictable to the server.
Slot Games Too
The provably fair system is not limited to poker. Every slot spin on PlasmaPoker also gets a SHA-256 audit hash. You can verify that every slot outcome was determined by the CSPRNG before the spin animation played.
Frequently Asked Questions
Can the platform still cheat with provably fair?
No. The hash is committed before the hand. Changing the seed after the commitment would produce a different hash that would not match. You can verify this yourself. The math does not lie.
Does provably fair slow down the game?
No. SHA-256 hashing takes microseconds. The hash commitment and seed exchange happen in the background during the normal dealing process. You will not notice any performance difference.
Do I have to verify every hand?
No. Most players will never verify a single hand, and that is fine. The point is that you *can*. The ability to verify creates accountability, even if most people never use it. Think of it like a security camera — its presence deters bad behavior whether anyone is watching or not.
Is provably fair the same as a RNG audit?
No. A RNG audit tests that the random number generator produces statistically random outputs over a sample of hands. Provably fair lets you verify any *specific* hand was dealt fairly. Audits test the system; provably fair lets you test individual outcomes.
What if I lose a hand — does that mean it was fair?
Yes. Losing a hand does not mean it was rigged. Pocket aces lose to 7-2 offsuit about 12% of the time. Bad beats are mathematically inevitable. Provably fair does not prevent bad beats — it proves that the cards were dealt randomly and not manipulated to cause them.
The era of "trust us" in online poker is ending. Provably fair is the new standard. If a poker platform cannot prove its dealing is fair, you should ask why.
Don't trust us. Verify us.
Try Provably Fair Poker
PlasmaPoker is the only poker platform with SHA-256 provably fair dealing on every hand. Download free and verify it yourself.
Download PlasmaPoker Free