Online Poker Security: Random Numbers
For an online poker room to accurately run a money card game in which players play against other players, it must be able to tap into something random and unpredictable to duplicate the effect of a "shuffle". The big problem with randomness is that computers cannot create random numbers without drawing on an outside source. On a regular desktop computer, whenever a program needs an element of randomness ("entropy"), it usually grabs numbers from the computer's clock. However, by analyzing and timing this correctly (or by tampering with the clock), a user could figure out exactly which numbers were being grabbed and predict the random number. So poker rooms must use different sources of entropy.
In fact, they use multiple forms. In the most secure online poker rooms, the entropy comes from conditions near the actual server and also from information gathered from the users. Information near the server could be a radiation output measurement, the temperature, a measurement of low-level sound, and/or the number of microseconds it takes to complete a process. A number is taken from each of those measurements, usually one in a distant decimal place which varies frequently. The entropy gathered from the players is usually based on mouse movement and keyboard activity, using the time between inputs or the direction/keystroke. It is important to note that even if one player could deliberately send specific mouse and keyboard information to create a desired random number, every single player's movement is used and mixed together with the server's internal random numbers to create a special batch of randomness which makes up the random seed.
The seed is plugged into an algorithm which then "sets" the deck. It is important to mention that the seed must be large enough to encompass all the different possible combinations of random decks; otherwise it may be insecure for multiple reasons. The one major case where an online poker room was compromised involved a random seed that was too small. Secure online poker rooms also continue to "shuffle" the deck after the initial deal. During the course of a hand, additional entropy is gathered from players and server conditions and used to modify the original seed. This way, even if someone were miraculously able to monitor the entropy near the server, they could never anticipate future cards. Doing so would be possible if they could measure the server entropy exactly and were also playing as all the players at the table and feeding predicted entropy to the server. However, then you'd be playing yourself at poker, which isn't a good way to win money.
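The seed-size requirement and the mixing of server and player entropy described above can be made concrete with the following added example, which is not code from any poker room. The function names, the SHA-512 mixing and the counter-mode byte stream are assumptions chosen for illustration; a production system would use a vetted random bit generator.

```python
import hashlib
import math

DECK = [r + s for s in "shdc" for r in "23456789TJQKA"]  # 52 cards

def seed_bits_needed(n_cards=52):
    """Bits a seed needs so that every ordering of the deck is reachable."""
    return math.factorial(n_cards).bit_length()

def reachable_fraction(seed_bits, n_cards=52):
    """Upper bound on the share of deck orderings a seed of this size can select."""
    return min(1.0, 2 ** seed_bits / math.factorial(n_cards))

def mix_seed(server_samples, player_samples, previous_seed=b""):
    """Hash every contribution together, so one contributor cannot fix the
    result without knowing all the other inputs. Passing previous_seed
    models modifying the seed with fresh entropy during a hand."""
    h = hashlib.sha512(previous_seed)
    for sample in list(server_samples) + list(player_samples):
        # Length prefix keeps (b"ab", b"c") distinct from (b"a", b"bc").
        h.update(len(sample).to_bytes(4, "big") + sample)
    return h.digest()  # 512 bits, above the 226 a 52-card deck needs

def _stream(seed):
    """Byte stream derived from the seed: SHA-512 in counter mode (illustrative)."""
    counter = 0
    while True:
        yield from hashlib.sha512(seed + counter.to_bytes(8, "big")).digest()
        counter += 1

def shuffle(seed, deck=DECK):
    """Fisher-Yates shuffle; rejection sampling avoids modulo bias."""
    cards, stream = list(deck), _stream(seed)
    for i in range(len(cards) - 1, 0, -1):
        limit = 256 - (256 % (i + 1))  # largest multiple of i+1 within a byte
        b = next(stream)
        while b >= limit:              # discard bytes that would skew the pick
            b = next(stream)
        j = b % (i + 1)
        cards[i], cards[j] = cards[j], cards[i]
    return cards

if __name__ == "__main__":
    print("bits needed for 52 cards:", seed_bits_needed())
    print("orderings reachable with a 32-bit seed:", reachable_fraction(32))
    # Constructed sample measurements, not real data.
    seed = mix_seed([b"temp=41.20713", b"proc_us=18342"], [b"mouse:dx=3,dt=112"])
    print(shuffle(seed)[:5])
```

A 32-bit seed can select only a vanishing fraction of the possible decks, which is why the seed has to be at least as large as the figure `seed_bits_needed()` reports.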