
Data Privacy for our Poker Software

"When the stakes are high, it pays to go to great lengths to ensure that software is implemented with proper considerations for security and safety." - Matt Schmid, Cigital, Inc.

All communications between our client software running on client computers and our servers are encrypted. It is important to note that, strictly speaking, encryption itself does not guarantee privacy. For example, a site where the pocket cards of all the players are transferred to everybody is not secure regardless of encryption. That is why we have spent a lot of effort designing our security system and policies.

Security Highlights:

Software Download:

The first point at which security becomes an important factor is when the client software is downloaded from the PokerStars site. We must ensure that the client software is downloaded unmodified. To address this requirement, we built the following features into the download process:

  • For Internet Explorer, the validity of the downloaded executable is verified by the browser using our key and Thawte certificate
  • For other browsers, we use a 1024-bit RSA key and a Thawte server certificate to protect our HTTPS web server & download

Play-time security:

We have a number of built-in features to ensure the security of the game itself.

  • Our client software uses certificates issued by our own Certificate Authority (CA) to authenticate our servers
  • Our CA certificate key is 1024 bits long
  • Our client software uses the industry standard SSLv3 protocol. It is configured to use RSA for authentication and key generation and triple-DES (EDE3, in outer-CBC mode) for encryption. Currently we are using a 512-bit RSA key, which according to [1] is sufficient for short and medium-term (up to several years) secrets. As we update server private keys every three months, we are secure with a good safety margin. The use of Triple-DES EDE3 for session encryption is considered even safer
  • No private data, such as pocket cards, is ever transferred to other players

COLLUSION

Collusion is a form of cheating in which two or more players signal their holdings or otherwise form a cheating partnership to the detriment of the other players at the same table.

While on the one hand it is easier to pass information between colluding players in online poker than it is in brick & mortar rooms, it is much more difficult to avoid eventual detection, as the cards for all players can be examined after the play.

No matter how sophisticated the collusion is, it must involve a play of a hand that would not be played that way without collusion. Our detection methods are designed to catch unusual play patterns and warn the security personnel, who will then make a thorough manual investigation. We will also investigate all players' reports about suspected collusion.

If any player is found to be participating in any form of collusion, his or her account may be permanently closed.

SHUFFLE

"Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin." - John von Neumann, 1951

We understand that the use of a fair and unpredictable shuffle algorithm is critical to our software. To ensure this and avoid the major problems described in [2], we are using two independent sources of truly random data:

  • user input, including a summary of mouse movements and event timing, collected from the client software
  • a true hardware random number generator developed by Intel [3], which uses thermal noise as an entropy source

Each of these sources by itself generates enough entropy to ensure a fair and unpredictable shuffle.

Shuffle Highlights:

  • A deck of 52 cards can be shuffled in 52! ways. 52! is about 2^225 (to be precise, 80,658,175,170,943,878,571,660,636,856,404,000,000,000,000,000,000,000,000,000,000,000,000 ways). We use 249 random bits from both entropy sources (user input and thermal noise) to achieve an even and unpredictable statistical distribution.
  • Furthermore, we apply conservative rules to enforce the required degree of randomness; for instance, if user input does not generate the required amount of entropy, we do not start the next hand until we obtain the required amount of entropy from the Intel RNG.
  • We use the SHA-1 cryptographic hash algorithm to mix the entropy gathered from both sources to provide an extra level of security
  • We also maintain a SHA-1-based pseudo-random generator to provide even more security and protection from user data attacks
  • To convert a random bit stream to random numbers within a required range without bias, we use a simple and reliable algorithm. For example, if we need a random number in the range 0-25:
    • we take 5 random bits and convert them to a random number 0-31
    • if this number is greater than 25 we just discard all 5 bits and repeat the process
  • This method is not affected by the biases that the modulus operation introduces when generating random numbers in a range whose size is not 2^n, n = 1, 2, ...
  • To perform an actual shuffle, we use another simple and reliable algorithm:
    • first we draw a random card from the original deck (1 of 52) and place it in a new deck - now the original deck contains 51 cards and the new deck contains 1 card
    • then we draw another random card from the original deck (1 of 51) and place it on top of the new deck - now the original deck contains 50 cards and the new deck contains 2 cards
    • we repeat the process until all cards have moved from the original deck to the new deck
  • This algorithm does not suffer from "Bad Distribution Of Shuffles" described in [2]
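
The range conversion and draw-based shuffle described in the list above, as an added Python sketch that is not PokerStars' code: `secrets.randbits` stands in for the site's mixed entropy pool (an assumption), and every function name is hypothetical. `outcome_counts` contrasts discard-and-retry with the modulus mapping over every possible 5-bit input, and `min_bits_for_deck(52)` sums the per-draw bit counts, which comes to 249 when no draw is rejected.

```python
import secrets
from collections import Counter

# Assumption: secrets.randbits stands in for the page's entropy pool;
# all names below are illustrative, not taken from the page.

def bits_needed(n):
    """Smallest k such that 2**k >= n (5 for the page's 0-25 range)."""
    return (n - 1).bit_length()

def random_below(n, randbits=secrets.randbits):
    """Uniform integer in [0, n): take k bits, discard the draw if it is >= n."""
    if n < 1:
        raise ValueError("n must be positive")
    k = bits_needed(n)
    if k == 0:                      # only one possible value, no bits consumed
        return 0
    while True:
        value = randbits(k)
        if value < n:               # accepted: 0..n-1 are all equally likely
            return value            # otherwise all k bits are thrown away

def shuffle_by_drawing(deck, randbits=secrets.randbits):
    """Move a uniformly chosen card from the original deck to the new deck."""
    original, new_deck = list(deck), []
    while original:
        new_deck.append(original.pop(random_below(len(original), randbits)))
    return new_deck

def outcome_counts(n, reject):
    """Feed every possible k-bit input through one mapping, count the outputs."""
    counts = Counter()
    for raw in range(1 << bits_needed(n)):
        if not reject:
            counts[raw % n] += 1    # modulus folds 26..31 back onto 0..5
        elif raw < n:
            counts[raw] += 1        # rejection keeps each value exactly once
    return counts

def min_bits_for_deck(size):
    """Bits consumed by one full shuffle when no draw is rejected."""
    return sum(bits_needed(n) for n in range(2, size + 1))

if __name__ == "__main__":
    print(shuffle_by_drawing(range(52))[:5])
    print(outcome_counts(26, reject=False))
    print(min_bits_for_deck(52))
```
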

PokerStars shuffle verified by Cigital and BMM International

PokerStars submitted extensive information about the PokerStars random number generator (RNG) to two independent organizations. We asked these two trusted resources to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars.

Both independent companies were given full access to the source code and confirmed the randomness and security of our shuffle. Visit Online Poker Random Number Generator for more details.


[1] B. Schneier. Applied Cryptography
[2] "How We Learned to Cheat at Online Poker: A Study in Software Security" - http://itmanagement.earthweb.com/entdev/article.php/616221
[3] "The Intel Random Number Generator" - http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf

Copyright © 2001-2008, PokerStars.com. All rights reserved. Rational Entertainment Enterprises Limited, 49 Victoria Street, Douglas,
IM1 2LD, Isle of Man. License No. 7, granted July 2005.  Online gambling is regulated in the Isle of Man.