Do I need to install anything to verify a hash?

No. You can verify a provably fair hash using only your web browser. Open the browser console (F12 or Cmd+Option+J on Mac), and use the built-in Web Crypto API to compute SHA-256 and HMAC-SHA256. Alternatively, you can use any online SHA-256 calculator — there are dozens of reputable ones. No downloads, no installations, no plugins required.

What if the verification fails?

If the SHA-256 of the revealed server seed does not match the committed hash, or if the computed crash point does not match the displayed result, you have evidence of a commitment violation. Document everything: screenshot the seeds, hashes, nonces, and the displayed crash point. Report the discrepancy to the platform and, if possible, to an independent auditor. A single verification failure in a correctly implemented provably fair system should not occur — it indicates either a bug or manipulation.

Can I verify rounds from before I joined?

Only if those rounds occurred under a server seed that has since been revealed. In most provably fair implementations, the server seed is revealed when it rotates. Rounds under the current (unrevealed) server seed cannot be verified yet — verification requires the actual seed, not just the hash. Rounds from before you created your account used someone else's client seed and nonce, so you cannot recompute them unless the platform provides a public verification tool.

How long does verification take?

About 90 seconds for a single round once you have the process down. The first time may take 5–10 minutes as you find the seeds in the platform's settings and get comfortable with the console commands. Verifying multiple rounds from the same rotation is faster — you reuse the same server seed and client seed, changing only the nonce.

Is verifying a hash legal?

Yes. Verification uses only information that the platform publicly provides to you. You are computing publicly documented mathematical operations on data the platform explicitly shares for this purpose. There is no unauthorized access, no reverse engineering, and no terms-of-service violation. Provably fair systems are designed to be verified — that is the entire point.

How to Verify a Provably Fair Hash Yourself

Verifying a provably fair crash round takes about 90 seconds and requires no special software — only a modern browser and a willingness to copy-paste two hex strings. This article walks through a real verification against a Stake Crash round, step by step, showing exactly how to confirm that the operator honored their pre-commitment.

What will I need to verify a round?

Three things:

A modern web browser — Chrome, Firefox, Edge, or Safari. You will use the browser's built-in developer console.
Your provably fair seeds — the server seed (revealed after rotation), your client seed, and the nonce of the round you want to verify. These are available in the platform's fairness settings.
About 90 seconds of patience.

No special software. No downloads. No command-line tools. Everything you need is built into your browser.

If you want to understand what you are verifying and why it matters before you start, read Provably Fair, Explained first. This article assumes you understand the concept and want the hands-on walkthrough.

Where do I find the server seed, client seed, and nonce?

The location varies by platform. Here is where to find them on the three games currently under review:

Stake Crash:

Click your profile icon → Settings → Fairness (or navigate directly to the fairness page).
You will see: Server Seed (Hashed) — this is the SHA-256 hash of the current server seed. Client Seed — this is your client seed (editable). Nonce — this is the current nonce (increments with each bet).
To reveal the server seed for verification, click "Rotate" or "Change Seed." This ends the current rotation, reveals the old server seed, and starts a new one.

BC.Game Crash:

Click your avatar → Fairness or Provably Fair.
Similar layout: hashed server seed, client seed, nonce.
Rotate to reveal the old server seed.

Roobet Crash:

Navigate to the Provably Fair section in settings.
Same pattern: hash, client seed, nonce, rotate to reveal.

Before you rotate: Write down or screenshot your current client seed and the nonce of the round you want to verify. After rotation, the old client seed may no longer be displayed.

How do I compute the SHA-256 of the revealed seed?

After rotating, you will see the actual server seed — a long hex string. Your first step is to confirm that the SHA-256 hash of this seed matches the hash that was displayed before the rotation.

Method 1 — Browser console:

Open your browser's developer console (F12, then click "Console") and paste:

async function sha256(message) {
  const encoder = new TextEncoder();
  const data = encoder.encode(message);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

// Replace with your actual revealed server seed:
sha256('your_revealed_server_seed_here').then(console.log);

The output is a 64-character hex string. Compare it character by character to the server seed hash that was displayed before the rotation.

Method 2 — Online tool:

Search for "SHA-256 online calculator." Paste the revealed server seed. Compare the output to the committed hash.

If they match: The operator committed to this seed before any rounds were played. Proceed to the next step.

If they do not match: The operator changed the seed after committing its hash. This is a critical failure. Document everything and report it.

How do I derive the multiplier from the HMAC?

Now you know the server seed is authentic. Next, verify that a specific round's crash point was correctly derived from the seed.

In the browser console:

async function hmacSha256(key, message) {
  const encoder = new TextEncoder();
  const keyData = encoder.encode(key);
  const msgData = encoder.encode(message);
  const cryptoKey = await crypto.subtle.importKey(
    'raw', keyData, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']
  );
  const sig = await crypto.subtle.sign('HMAC', cryptoKey, msgData);
  return Array.from(new Uint8Array(sig))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

async function verifyCrashPoint(serverSeed, clientSeed, nonce) {
  const hash = await hmacSha256(serverSeed, clientSeed + ':' + nonce);

  // Take first 8 hex characters (32 bits)
  const h = parseInt(hash.substring(0, 8), 16);

  // Check for instant crash (house edge implementation)
  // Note: the exact modulus varies by platform
  if (h % 33 === 0) {
    return 1.00;
  }

  // Compute multiplier
  const e = Math.pow(2, 32);
  const result = Math.floor((100 * e - h) / (e - h)) / 100;
  return Math.max(1, result);
}

// Replace with your actual values:
verifyCrashPoint(
  'your_revealed_server_seed',
  'your_client_seed',
  42  // the nonce of the round you want to verify
).then(point => console.log('Computed crash point:', point));

Important caveats:

The exact formula (especially the modulus for instant crashes and the multiplier derivation) varies between platforms. The code above is a common implementation pattern, not a universal one. Check the platform's provably fair documentation for their specific formula.
The nonce is per-bet, not per-round. If you skipped rounds (did not bet), your nonce did not increment for those rounds.
Floating-point precision can cause the last decimal to differ by 0.01. A computed result of 2.47 matching a displayed result of 2.47 is a pass. A computed result of 2.47 matching a displayed result of 3.12 is a fail.

What do I do if my verification doesn't match?

First, rule out user error:

Check your client seed. Are you using the client seed that was active during the round you are verifying? If you changed it, you need the old one.
Check the nonce. The nonce is per-bet. If the platform counts nonces differently than you expect, the mismatch may be a nonce offset.
Check the formula. Different platforms use different derivation formulas. Confirm you are using the correct one for the platform you are verifying.
Check the server seed. Are you using the revealed server seed from the correct rotation? If you have rotated multiple times, make sure the seed corresponds to the rotation that was active during the round.

If you have ruled out user error and the verification still fails:

Screenshot everything. The revealed server seed, the committed hash, your client seed, the nonce, the displayed crash point, and your computed crash point.
Try additional rounds. Verify 3–5 more rounds from the same rotation. If they all fail, the issue is systematic. If only one fails, it may be a data display error.
Report to the platform. Most platforms have a support channel for provably fair disputes.
Report to an independent auditor. Clash Watchdog AI accepts verification failure reports. If our analysis confirms the failure, it will be noted in the game's audit report.

A single verification failure in a correctly implemented system should never occur. The cryptographic operations are deterministic — the same inputs always produce the same output. If the output does not match, either the inputs were wrong (user error) or the system is not operating as described (platform issue).

How do I verify many rounds at once?

For spot-checking, verifying 5–10 rounds manually is sufficient. For systematic verification of hundreds or thousands of rounds, you need a script.

A minimal batch verifier in JavaScript:

async function verifyBatch(serverSeed, clientSeed, startNonce, endNonce) {
  const results = [];
  for (let nonce = startNonce; nonce <= endNonce; nonce++) {
    const computed = await verifyCrashPoint(serverSeed, clientSeed, nonce);
    results.push({ nonce, crashPoint: computed });
  }
  return results;
}

// Verify rounds 1 through 100:
verifyBatch('your_server_seed', 'your_client_seed', 1, 100)
  .then(results => {
    console.table(results);
    console.log('Verified', results.length, 'rounds');
  });

This produces a table of nonces and computed crash points. Compare each entry against the platform's displayed result for that nonce.

For large-scale verification (thousands of rounds), Clash Watchdog AI uses automated pipelines that ingest data from multiple sources and verify every round in a rotation. This is part of our Column C audit. Our verification notebooks are published alongside each audit report for reproducibility — anyone can re-run our verification and confirm our results.

The fundamental value of verification — whether you do it yourself for 5 rounds or we do it systematically for 50,000 — is the same: it converts "trust the operator" from an act of faith into a testable, falsifiable claim. See our game listings for which games we have verified and what we found.

Verifying a provably fair crash round takes about 90 seconds and requires no special software — only a modern browser and a willingness to copy-paste two hex strings. This article walks through a real verification against a Stake Crash round, step by step, showing exactly how to confirm that the operator honored their pre-commitment.

What will I need to verify a round?

Three things:

A modern web browser — Chrome, Firefox, Edge, or Safari. You will use the browser's built-in developer console.
Your provably fair seeds — the server seed (revealed after rotation), your client seed, and the nonce of the round you want to verify. These are available in the platform's fairness settings.
About 90 seconds of patience.

No special software. No downloads. No command-line tools. Everything you need is built into your browser.

Where do I find the server seed, client seed, and nonce?

The location varies by platform. Here is where to find them on the three games currently under review:

Stake Crash:

Click your profile icon → Settings → Fairness (or navigate directly to the fairness page).
You will see: Server Seed (Hashed) — this is the SHA-256 hash of the current server seed. Client Seed — this is your client seed (editable). Nonce — this is the current nonce (increments with each bet).
To reveal the server seed for verification, click "Rotate" or "Change Seed." This ends the current rotation, reveals the old server seed, and starts a new one.

BC.Game Crash:

Click your avatar → Fairness or Provably Fair.
Similar layout: hashed server seed, client seed, nonce.
Rotate to reveal the old server seed.

Roobet Crash:

Navigate to the Provably Fair section in settings.
Same pattern: hash, client seed, nonce, rotate to reveal.

Before you rotate: Write down or screenshot your current client seed and the nonce of the round you want to verify. After rotation, the old client seed may no longer be displayed.

How do I compute the SHA-256 of the revealed seed?

After rotating, you will see the actual server seed — a long hex string. Your first step is to confirm that the SHA-256 hash of this seed matches the hash that was displayed before the rotation.

Method 1 — Browser console:

Open your browser's developer console (F12, then click "Console") and paste:

async function sha256(message) {
  const encoder = new TextEncoder();
  const data = encoder.encode(message);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

// Replace with your actual revealed server seed:
sha256('your_revealed_server_seed_here').then(console.log);

The output is a 64-character hex string. Compare it character by character to the server seed hash that was displayed before the rotation.

Method 2 — Online tool:

Search for "SHA-256 online calculator." Paste the revealed server seed. Compare the output to the committed hash.

If they match: The operator committed to this seed before any rounds were played. Proceed to the next step.

If they do not match: The operator changed the seed after committing its hash. This is a critical failure. Document everything and report it.

How do I derive the multiplier from the HMAC?

Now you know the server seed is authentic. Next, verify that a specific round's crash point was correctly derived from the seed.

In the browser console:

async function hmacSha256(key, message) {
  const encoder = new TextEncoder();
  const keyData = encoder.encode(key);
  const msgData = encoder.encode(message);
  const cryptoKey = await crypto.subtle.importKey(
    'raw', keyData, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']
  );
  const sig = await crypto.subtle.sign('HMAC', cryptoKey, msgData);
  return Array.from(new Uint8Array(sig))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

async function verifyCrashPoint(serverSeed, clientSeed, nonce) {
  const hash = await hmacSha256(serverSeed, clientSeed + ':' + nonce);

  // Take first 8 hex characters (32 bits)
  const h = parseInt(hash.substring(0, 8), 16);

  // Check for instant crash (house edge implementation)
  // Note: the exact modulus varies by platform
  if (h % 33 === 0) {
    return 1.00;
  }

  // Compute multiplier
  const e = Math.pow(2, 32);
  const result = Math.floor((100 * e - h) / (e - h)) / 100;
  return Math.max(1, result);
}

// Replace with your actual values:
verifyCrashPoint(
  'your_revealed_server_seed',
  'your_client_seed',
  42  // the nonce of the round you want to verify
).then(point => console.log('Computed crash point:', point));

Important caveats:

The exact formula (especially the modulus for instant crashes and the multiplier derivation) varies between platforms. The code above is a common implementation pattern, not a universal one. Check the platform's provably fair documentation for their specific formula.
The nonce is per-bet, not per-round. If you skipped rounds (did not bet), your nonce did not increment for those rounds.
Floating-point precision can cause the last decimal to differ by 0.01. A computed result of 2.47 matching a displayed result of 2.47 is a pass. A computed result of 2.47 matching a displayed result of 3.12 is a fail.

What do I do if my verification doesn't match?

First, rule out user error:

Check your client seed. Are you using the client seed that was active during the round you are verifying? If you changed it, you need the old one.
Check the nonce. The nonce is per-bet. If the platform counts nonces differently than you expect, the mismatch may be a nonce offset.
Check the formula. Different platforms use different derivation formulas. Confirm you are using the correct one for the platform you are verifying.
Check the server seed. Are you using the revealed server seed from the correct rotation? If you have rotated multiple times, make sure the seed corresponds to the rotation that was active during the round.

If you have ruled out user error and the verification still fails:

Screenshot everything. The revealed server seed, the committed hash, your client seed, the nonce, the displayed crash point, and your computed crash point.
Try additional rounds. Verify 3–5 more rounds from the same rotation. If they all fail, the issue is systematic. If only one fails, it may be a data display error.
Report to the platform. Most platforms have a support channel for provably fair disputes.
Report to an independent auditor. Clash Watchdog AI accepts verification failure reports. If our analysis confirms the failure, it will be noted in the game's audit report.

How do I verify many rounds at once?

For spot-checking, verifying 5–10 rounds manually is sufficient. For systematic verification of hundreds or thousands of rounds, you need a script.

A minimal batch verifier in JavaScript:

async function verifyBatch(serverSeed, clientSeed, startNonce, endNonce) {
  const results = [];
  for (let nonce = startNonce; nonce <= endNonce; nonce++) {
    const computed = await verifyCrashPoint(serverSeed, clientSeed, nonce);
    results.push({ nonce, crashPoint: computed });
  }
  return results;
}

// Verify rounds 1 through 100:
verifyBatch('your_server_seed', 'your_client_seed', 1, 100)
  .then(results => {
    console.table(results);
    console.log('Verified', results.length, 'rounds');
  });

This produces a table of nonces and computed crash points. Compare each entry against the platform's displayed result for that nonce.

How to Verify a Provably Fair Hash Yourself

What will I need to verify a round?

Where do I find the server seed, client seed, and nonce?

How do I compute the SHA-256 of the revealed seed?

How do I derive the multiplier from the HMAC?

What do I do if my verification doesn't match?

How do I verify many rounds at once?

Frequently Asked Questions

Related Articles

How to Verify a Provably Fair Hash Yourself

What will I need to verify a round?

Where do I find the server seed, client seed, and nonce?

How do I compute the SHA-256 of the revealed seed?

How do I derive the multiplier from the HMAC?

What do I do if my verification doesn't match?

How do I verify many rounds at once?

Frequently Asked Questions

Related Articles