Worried a couple of my players have a dice roll cheat

I have a couple of players that seem to never fail rolls when it really matters. Is this just my perception or are their cheats out there? If there are cheats out there is there anything I can do to prevent them in my game short of doing all the rolls myself?

Players cannot fudge dice rolls so they cannot cheat in that fashion. However, they may have incorrect modifiers in their macros so you may want to examine the macros. If they are using inline rolls you can hover over the result to see what the modifiers were.

Great, Thank you.

Here is a d20 roll [[d20]] Here is a d20 roll that always turns up 20 [[d20r1r2r3r4r5r6r7r8r9r10r11r12r13r14r15r16r17r18r19]]

If they have 3d dice turned off and they run [[d20r1r2r3r4r5r6r7r8r9r10r11r12r13r14r15r16r17r18r19]] they will always get a 20. If 3d dice are enabled you'll see it roll over and over again until it gets 20, but with 3d dice off you can't tell without hovering. So, yes it looks like you have a cheater.

That was just an extreme example not what the original OP said happen.

Sometimes the dice roller will give results that appear to "beat the odds." A user Saturday night rolled three 3's in a row, followed by a 20 and then a 1. All using [[1d20]]. Whenever my monsters roll better than the group they will half jokingly say I am cheating the system somehow. I assure them the developers will absolutely not stand for that. And of course when they roll well and I don't; that's different...

I had one player who had regular "beat the odds" results in a tabletop game with actual dice...which were owned by me...and used by every player. Probability just seemed to swirl around him in weird ways, even as the other players, using the same dice, followed more expected levels. We were playing GURPS, and he'd roll either 3 or 18 (critical hits and critical failures) with astonishing regularity--so it wasn't even that it was always good, just that it was very good or very bad quite surprisingly often. Sometimes probability just does strange things, whether you're using physical or digital dice. :-P But yeah, if you're not sure if you've got someone doing something untoward in Roll20, it seems like it shouldn't be too hard to double-check how they rolled using the hover-over feature. Handy, that.

I had one game where I could not roll bad as a gm while the players could not succeed with any roll. I gave my creatures penalties and they still smoked the dice while I gave the players bonuses to their rolls and they ended up almost killing each other characters. That is the way probabilities work. Sometimes is works for the players and other times it doesn't.

Erich S. said: Sometimes the dice roller will give results that appear to "beat the odds." A user Saturday night rolled three 3's in a row, followed by a 20 and then a 1. All using [[1d20]]. Whenever my monsters roll better than the group they will half jokingly say I am cheating the system somehow. I assure them the developers will absolutely not stand for that. And of course when they roll well and I don't; that's different... A couple weeks ago my players rolled 3x 77, 1x 99, and 2x 100 on [[1d100]] in a system where 100s and doubles over your stat are Very Bad Things™. Sometimes, the dice just hate you. =)

It seems as a DM I always get good rolls (no really lots of crits and the such) and my players get well... lots of "1"s, while this is merely due to "chance" and I'm not changing the code or roll20, even though once in a while I catch my self rolling a 20: [[20]] which just gives you a 20. Its just a mistype. Anyways its mostly just chance, and maybe your players make their prayers to the Dice Gods before each game. ^_^

I was thinking about this, and went back to confirm I was remembering the post about the testing of the dice correctly, but prior to quantum re-roll it sounds like the dice engine used the entropy from a "high quality server side entropy source" and then later in the thread it says that it also pulls as much randomness as it can from the users browser itself. If someone understood how the dice engine obtains the entropy from the browser itself, could they feed it bad info to corrupt the randomness of the dice? I don't know enough about this kind of thing to know how such a thing could be done, but I seem to recall reading something about the bad RNG's on some computers being used to affect the security of certain cryptographic functions by making the results more predictable.... I think it was something to do with the NSA, and don't know if that would even apply to something like the dice roller, but maybe a coder could weigh in on the possibility? The only reason I even mention it is I had a player who seemed to always get bad rolls, and one day he was having problems with his webcam so he turned it off. The rest of the session his rolls were much improved. I realize it was probably just random chance, and since his rolls went back to being lousy the next game even though he left the webcam off, I think we can say that probably wasn't it. But it did get me wondering about the gathering of entropy from the client machines.

It is technically possible, but extremely unlikely. First off, I'm not even sure Roll20 is still using the local entropy source. If they are, and you had a player willing to compile his own version of Chrome, with modifications to the Javascript Engine, he could potentially control the generated numbers. This is the kind of undertaking that would take months of work for a talented programmer. It's not the kind of thing a script-kitty could do. That said, I'll reiterate that I don't believe Roll20 even uses the local entropy for die rolls anymore. I'm pretty sure that all die rolls are generated on the server side. That would be orders of magnitude more difficult, and would require subverting several layers of security. They could potentially spoof network traffic to get a roll to appear in their browser as a specific number, but unless you are all playing on their computer, that would be quite obvious. For it all practical purposes, you can consider it impossible. If you had a player capable of such things, they'd be far more likely to be spending all that effort to make seven figure salaries or topple third world governments. The shear amount of effort is disproportionate to the gain. It world be cheaper and easier to just pay-off the GM $1000 a roll. :)

Roger A. said: I was thinking about this, and went back to confirm I was remembering the post about the testing of the dice correctly, but prior to quantum re-roll it sounds like the dice engine used the entropy from a "high quality server side entropy source" and then later in the thread it says that it also pulls as much randomness as it can from the users browser itself. If someone understood how the dice engine obtains the entropy from the browser itself, could they feed it bad info to corrupt the randomness of the dice? I don't know enough about this kind of thing to know how such a thing could be done, but I seem to recall reading something about the bad RNG's on some computers being used to affect the security of certain cryptographic functions by making the results more predictable.... I think it was something to do with the NSA, and don't know if that would even apply to something like the dice roller, but maybe a coder could weigh in on the possibility? The only reason I even mention it is I had a player who seemed to always get bad rolls, and one day he was having problems with his webcam so he turned it off. The rest of the session his rolls were much improved. I realize it was probably just random chance, and since his rolls went back to being lousy the next game even though he left the webcam off, I think we can say that probably wasn't it. But it did get me wondering about the gathering of entropy from the client machines. Prior to the quantum rolls, the dice roller was simply a good PRNG. (Better than the built-in random function.) I don't believe it's cryptographically secure, but that's lightyears beyond what's necessary to ensure the randomness of a die roll in a game for fun. As Aaron explains, spoofing the regular RNG is for all intents and purposes impossible. Spoofing quantum roll is harder. I can say with extreme confidence that your player turning off his webcam did nothing to affect the dice engine.

According to the thread about testing the die roller it was a cryptographically secure RNG implemented 100% in JavaScript. I knew when I posted the last comment that it wouldn't be an easy thing to accomplish, but wasn't sure if it was possible at all. I knew the webcam thing wasn't likely, but like I said, it was the thing that got me thinking about the way the dice engine gathered entropy from the local machine( I had read the post about the die roller before the incident so I knew there was something to do with the local machine providing info, but I still dont know how exactly that works). I was under the impression that the only real change for how Quantum Re-roll did things was to change from the previous "high quality server side entropy source" to a true random entropy source based on vacuum fluctuations from laser measurements. I didn't think there was any changes to the actual RNG in JavaScript(it was already an amazing RNG and I was under the impression they had used an off the shelf implementation instead of writing their own from scratch). Maybe a Dev could clear that up?

oops, ninjad by Riley...

Is it possible to make it look like a roll but it wasn't actually rolled? I saw a thread were they were talking about making (For GM fudging) it look like a real roll. Someone had claimed they had accomplished that task.

Well, this is the best I've been able to do. There seems to be no way to change the background color to the normal blue because that is happening further up the chain than the script has access to. Also, I can't see why the picture of the 20-sided die is gone now that I've added the styles. I also don't know how to make it draggable/sortable. All in all, I think this is likely not possible without support in the API for showing the result of a die roll. Unless, of course, you modify the other script that customizes ALL die rolls, in which case you should be able to make it look just like that. But if you want to stay with the normal rolls, I don't think it's possible. Script is embedded, along with a screenshot (fake on top, real on bottom). &lt;script src=" <a href="https://gist.github.com/anonymous/5c76acada11dc4cd92b8.js&quot;&gt;&lt;/script" rel="nofollow">https://gist.github.com/anonymous/5c76acada11dc4cd92b8.js"&gt;&lt;/script</a> Fakeroll script for roll20 system

To clarify that previous post was from that room, not from me. I might be reading it as something it isn't.