How to Set a Strong Client Seed for Provably Fair
Your client seed is part of every RNG input. Replacing the auto-generated default with your own value is paranoia-grade fairness insurance.
What the client seed does
The RNG input is HMAC-SHA256(serverSeed, "${clientSeed}:${nonce}" + gameSalt). Both seeds contribute to the result.
The server seed is hashed, and that hash is committed before the round. The client seed is yours: set it to anything you want. By default it is auto-generated at random, and you can override it.
You probably don't need to set a custom client seed. But the fact that the option exists matters more than how often players actually use it.
Why custom seeds matter
If you trust the auto-generated client seed, the verifier already proves the round's outcome was determined cryptographically. That's verifier-safe.
If you want stronger guarantees — say, paranoia that the auto-generated client seed could be influenced by an attacker who compromised your session — set a custom seed only you know. Now the server can't pre-derive any specific outcome for you, because it doesn't know your seed.
How to set one
Account Settings → Provably Fair → Client Seed. Enter a 16-256 character string. Save. The new seed applies to your next round.
Good seed material: random bytes, a long passphrase, your birthdate plus salt, a UUID. Avoid short numerics, dictionary words, or anything trivially guessable.
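As an added example (not the site's own verifier code), the Python below generates a random client seed inside the 16-256 character limit and re-checks a round using the formula from "What the client seed does". It assumes UTF-8 encoding of all strings and a SHA-256 commitment of the server seed, neither of which this page specifies; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def new_client_seed(n_bytes: int = 32) -> str:
    """Return a random hex client seed; 32 bytes -> 64 chars (inside 16-256)."""
    seed = secrets.token_hex(n_bytes)
    if not 16 <= len(seed) <= 256:
        raise ValueError("seed length outside the 16-256 character limit")
    return seed


def commitment(server_seed: str) -> str:
    """Hash of the server seed. SHA-256 over UTF-8 is an assumption."""
    return hashlib.sha256(server_seed.encode("utf-8")).hexdigest()


def rng_input(server_seed: str, client_seed: str, nonce: int, game_salt: str) -> str:
    """HMAC-SHA256(serverSeed, "${clientSeed}:${nonce}" + gameSalt) as hex."""
    message = f"{client_seed}:{nonce}" + game_salt
    return hmac.new(server_seed.encode("utf-8"), message.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify_round(committed_hash, revealed_server_seed, client_seed, nonce,
                 game_salt, claimed_rng_input) -> bool:
    """True only if the revealed seed matches the pre-round commitment AND
    the recomputed HMAC matches the value reported for the round."""
    if not hmac.compare_digest(commitment(revealed_server_seed),
                               committed_hash.lower()):
        return False  # revealed seed is not the one that was committed
    expected = rng_input(revealed_server_seed, client_seed, nonce, game_salt)
    return hmac.compare_digest(expected, claimed_rng_input.lower())


if __name__ == "__main__":
    # Constructed sample values, not taken from any real round.
    server_seed = "constructed-server-seed-0001"
    client_seed = new_client_seed()
    committed = commitment(server_seed)  # what would be shown before the round
    reported = rng_input(server_seed, client_seed, 7, "constructed-salt")
    print("client seed:", client_seed)
    print("round verifies:", verify_round(committed, server_seed, client_seed,
                                          7, "constructed-salt", reported))
```

Record the committed hash before you play; checking it against the revealed server seed afterwards is what makes the recomputed HMAC meaningful.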
Rotation strategy
For maximum protection: rotate weekly. Even a brief seed compromise can't affect rounds outside that seed's active window.
For typical players: set once at signup, rotate quarterly. The marginal protection from more frequent rotation is small relative to other risks.
Frequently asked questions
- Does a custom client seed change my odds?
  No. The mathematical edge is identical regardless of seed value. Custom seeds change WHICH outcomes you get from a given server seed, not the probability distribution.
- Can I set different seeds per game?
  Currently the seed is account-wide. Per-game seed support is on the roadmap.
- What if someone guesses my client seed?
  They can't pre-derive outcomes — that requires the server seed too, which is only revealed after the round. The client seed alone is not a security vulnerability.
- Is the auto-generated seed safe?
  Yes. Cryptographically random. Custom seeds are a paranoia-grade upgrade, not a fix for an actual vulnerability.