Hmm... My fault; I thought I'd mentioned this. Indiana uses just such a computer to draw the numbers for all their online games.
Most people here believe there's really no difference between numbers drawn with ping-pong balls and those drawn using an RNG. I think that's because most people here live in states that still use ping-pong balls to draw their numbers, and also because they believe people who live in states that use RNG's are paranoid or are ineffectual at selecting their numbers. I extend to these players an invitation to come to Indiana and play the daily games. Nevermind your predictions; it's fairly easy to select winners in the Hoosier Lottery Pick-3 and Pick-4 games when you don't actually buy tickets.
The average total payout for Indiana's Pick-3 evening game is less than $40,000. Compare that to the following states: Georgia - $375,000, Ohio - $220,000, Michigan - $260,000. Usually, Indiana pays out around $15,000.00 a day for their Pick-3 evening game.
Still not convinced?
Okay, check this out: In the Indiana Pick-4 game, two digits repeat in two or more consecutive draws 51.5% of the time (945 draws). Three digits repeat in two or more consecutive draws 10.2% of the time, and all four digits have appeared in consecutive draws on two separate occasions.
More? Fine. Here's what a manufacturer of commercial computerized electronic random number generators has to say. Szrek sells these machines to the gaming industry, including state lotteries. The following is presented verbatim from their website (www.szrek.com):
"...The problem facing the gaming industry is not how to generate random numbers, but how to do it securely, in an auditable fashion. Any publicized case of defrauding computerized drawing machines could have a disastrous effect on the whole industry as they currently all have a very limited audit capability (italics are mine). Electronic drawing machines are exposed to many security threats from the environment they are in. Even if the machine is supervised in a locked room, protected by a special enclosure, connected using a private network and a custom protocol, the environment could be insecure."
Security Threats Against Computerized Draws (from the website)
1). *Physical connection may be hijacked - attacker, insider or in some environments also an outsider, may remove a physical connection from the drawing machine and connect it to another device. This kind of attack is relatively easy in any communications environment. This could also be accomplished by manipulating network routers and switches.
*I believe this has happened. I think the Hoosier Lottery has their RNG connected to their central computer, which tracks the numbers. This would allow them to minimize payouts on their daily games (by generating the number least played) and to build their lotto jackpot at will (by segregating the winning combination as "selection refused") to increase ticket sales.
2). Logical connection may be hijacked - attacker may masquerade on the protocol level as an authorized machine.
3). Drawing program may be exchanged locally, when the system is not supervised, or exchanged remotely. After it is restored, there may be no proof of change left. This may be handled by a "script" hidden in the drawing machine. This script may destroy itself when finished.
4). Drawing program may have "hidden" features allowing attacker generation of specific numbers.
5). Drawing algorithm may be programmed with a "desired" bias, causing some results/ combinations to happen more often. Such a bias may not always be detectable by statistical analysis (See paragraph 5 above).
6). Drawing algorithm may be predictable to enable the attacker to predetermine the results - for example a finite number of states the machine goes through during its operation may allow the attacker to predetermine the draw results.
7). Algorithms may rely on secrecy of proprietary algorithms, secrecy of data or other elements that are not verifiable. Each of these elements may become exposed and the drawing process may be compromised.
8). *Time-related attacks A). Draws may be shifted in "phase" so that the actual results for draw data are generated earlier. B). Client software (host machine running the game) may be manipulated to request draw results earlier. C). Clock may be "corrupted" and the results could be available earlier.
*Keep in mind that Indiana no longer broadcasts a live drawing, as required by state law. The drawing is supposed to take place at 8:58 pm, but could actually be done at any time, and we wouldn't know. They don't air it until 9:40 pm, and then only on a local channel.
9). Man-in-the-middle attack: attacker can position him/ herself in the middle between a client and a drawing machine to gain control over the process of delivery of draw numbers. This may be accomplished by loading a "filtering program" onto the client machine or inserting a "filter device" on the network.
10). Fishing: Draw numbers are requested multiple times, attacker chooses "suitable" draw numbers.
11). Ignoring of drawing machine results - Gaming software may be manipulated to produce its own raw numbers and simply ignore drawing machine results.
Paranoid? You bet I am, but you might want to temper your giggling, as more states have plans to institute these machines in their lotteries. If you allow them to do so, I'm sure you won't find it so amusing.
Continued good luck to all...
Jim