Don’t blindly trust a green checkmark or a “verify” badge on a casino’s footer. This 10-Point Provably Fair Checklist (based on our checklist template: Provably Fair Checklist Guide) gives you an active, systematic audit protocol to confirm an operator’s cryptographic integrity before you risk your bankroll.
Many online casinos advertise “provably fair” games but rely on the fact that 99% of players will never audit their seeds. A truly fair operator makes seed verification straightforward and public. If a site hides its seeds, obfuscates its algorithms, or forces you to use its in-house “Verify” button without giving you the raw variables, it is failing the transparency test.
When auditing a new betting platform, walk through these ten concrete indicators of cryptographic security:
The casino must display the SHA-256 hash of the server seed *before* you place a bet, and reveal the actual un-hashed server seed *after* you rotate your seed pair. If they do not reveal the raw past seeds, they are hiding the outcomes.
A fair casino allows you to change your client seed at any moment. If the site forces you to use their pre-selected client seeds and doesn’t let you input your own custom phrase, they can pre-calculate and manipulate your future round outcomes.
Every bet must use an incrementing nonce (0, 1, 2, 3…) that starts at 0 for a new seed pair. The casino must clearly display the nonce used for each past round in your history.
The algorithm must be standard (like HMAC-SHA256 or SHA-512) and documented well enough that you can copy your seeds into an independent verifier and get the exact same results.
The platform should display active certifications from independent testing laboratories (like iTech Labs, GLI, or eCOGRA) verifying that their random number generator meets international statistical standards.
Let’s look at a concrete audit test. Before you begin a betting session, the casino displays the following Active Server Seed Hash:
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
You place 100 bets, then click “Rotate Seeds.” The casino now reveals the previous, un-hashed Active Server Seed:
my_secret_server_seed_123
To verify that the casino did not change your game outcomes mid-session, run the un-hashed seed through a standard SHA-256 generator that you control, not the casino’s own “Verify” button. If the resulting hash matches the commitment shown *before* your session started, the casino mathematically could not have altered the game results after seeing your bets. If the hashes do not match, the revealed seed is not the one the casino committed to, and the operator is compromised.
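The audit above can be scripted end to end. This is an added example, not code from the original page or from any operator: it checks the pre-bet commitment, the nonce sequence starting at 0, and the reproducibility of each displayed result. The outcome mapping in `roll()` and all sample seeds are assumptions constructed for illustration; substitute the algorithm the casino documents.

```python
import hashlib
import hmac

def commitment_matches(published_hash: str, revealed_seed: str) -> bool:
    """True if SHA-256(revealed seed) equals the hash shown before betting."""
    digest = hashlib.sha256(revealed_seed.encode()).hexdigest()
    return hmac.compare_digest(digest, published_hash.strip().lower())

def roll(server_seed: str, client_seed: str, nonce: int) -> float:
    """ASSUMED outcome mapping (operators differ; use the documented one):
    HMAC-SHA256(key=server_seed, msg="client_seed:nonce"), first 4 bytes -> [0, 100]."""
    mac = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(), hashlib.sha256)
    return round(int.from_bytes(mac.digest()[:4], "big") / 2**32 * 100, 2)

def audit(published_hash, revealed_seed, client_seed, history):
    """history: (nonce, displayed_roll) pairs in bet order. Returns findings; [] = pass."""
    findings = []
    if not commitment_matches(published_hash, revealed_seed):
        findings.append("revealed seed does not hash to the pre-bet commitment")
    for expected, (nonce, shown) in enumerate(history):
        if nonce != expected:
            findings.append(f"nonce gap: expected {expected}, history shows {nonce}")
        if roll(revealed_seed, client_seed, nonce) != shown:
            findings.append(f"nonce {nonce}: displayed roll {shown} is not reproducible")
    return findings

# Constructed sample session (not values from any real operator).
SERVER_SEED = "constructed-server-seed-for-demo"
CLIENT_SEED = "my own custom phrase"
PUBLISHED = hashlib.sha256(SERVER_SEED.encode()).hexdigest()  # shown before bet 0
HISTORY = [(n, roll(SERVER_SEED, CLIENT_SEED, n)) for n in range(5)]

if __name__ == "__main__":
    print("honest session:", audit(PUBLISHED, SERVER_SEED, CLIENT_SEED, HISTORY))
    print("swapped seed:  ", audit(PUBLISHED, "a-different-seed", CLIENT_SEED, HISTORY)[:1])
    print("skipped nonce: ", audit(PUBLISHED, SERVER_SEED, CLIENT_SEED, [HISTORY[0], HISTORY[2]]))
```

An empty list means every check passed; any finding is a reason to stop and ask the operator for the raw variables.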
Your client seed acts as your guarantee against casino fraud. If the casino generated the outcomes entirely on its side, it could generate a sequence of outcomes that specifically beats your current stakes. By adding your own random client seed to the mix, you break its ability to predict the outcome.
Rotating your seeds generates a brand new active server seed and reveals the un-hashed version of your old one. You must rotate your seeds regularly to perform audits on your past wagers.
If a casino fails even one critical checkpoint—such as refusing to let you customize your client seed or hiding un-hashed past seeds—do not deposit. The mathematical risk of being cheated is too high.