CrashTactics
18+ Crash games carry a permanent negative expected value — you will lose money over time. Play money only on our tools. Gambling can be addictive; never bet to win or chase losses. Get the safer-play guide & helplines →

Transparency · verification

How to verify a provably fair crash game, step by step

'Provably fair' only means something if you can actually do the proof. Here's the full mechanism — server seed, client seed, nonce, and the hash-to-multiplier formula — plus exactly how to recompute a real round and confirm it was fixed before you bet.

MO
Maya Okonkwo, lead crash-games analyst · Updated 8 June 2026 · How we work

What "provably fair" actually means

A provably-fair game lets you prove, after the fact, that the operator committed to a result before you bet and could not have altered it based on your wager. It does this with cryptographic commitment: the server picks a secret (the server seed), shows you a hash of it in advance, and only reveals the secret later. Because a good hash can't be reversed, the operator is locked in — the hashed value they showed you can only have come from the seed they later reveal.

Critically, this proves integrity (the result wasn't manipulated), not fairness of odds in the everyday sense. The house edge is still baked into the formula. Provably fair means "not rigged against you beyond the stated edge" — not "a good bet". Keep that distinction in mind throughout.

The three ingredients: server seed, client seed, nonce

The three are combined — typically HMAC_SHA256(serverSeed, clientSeed:nonce) — to produce the hash that determines the crash point. Change any one and you get a completely different, unpredictable result.

The hash-to-multiplier formula

The industry-standard conversion from hash to crash point is:

crashPoint = floor( (100 − houseEdge) / (1 − h) ) / 100

where h is a fraction in [0,1) derived from the hash. The common derivation takes the first 13 hex characters of the hash, reads them as an integer, and divides by 2^52 — a 52-bit value (13 hex digits × 4 bits = 52 bits). So:

h = int(first 13 hex chars of hash) / 2^52 (a 52-bit fraction) crashPoint = floor( (100 − edge) / (1 − h) ) / 100

Worked intuition: when h is small, 1 − h ≈ 1 and the crash point is near (100 − edge)/100 — a low multiplier. When h is close to 1, 1 − h is tiny and the multiplier balloons toward the game's maximum. The distribution of h being uniform is exactly what makes P(reach m) = (100 − edge)/100 ÷ m = RTP/m.

Why the instant-bust rate equals the house edge

Here is the elegant part. The house edge isn't an extra fee bolted on — it's produced by forcing a small fraction of rounds to bust instantly at 1.00×. Specifically, a fraction of rounds equal to the house edge is mapped to an immediate bust:

That's why a higher-edge game "feels" like it busts early more often — because it literally does, on more rounds. Our simulator reproduces this faithfully: switch the edge and watch the instant-bust frequency (and your ruin rate) rise.

Verifying a real round yourself

The general procedure, which works on any operator that exposes the seeds:

  1. Before playing, note the hashed server seed the operator displays, and set (or note) your client seed.
  2. Play your rounds. The nonce increments each round.
  3. Rotate / reveal the server seed. Most sites require you to "rotate" to a new seed before they'll reveal the old one — this prevents you peeking at future results.
  4. Confirm the commitment: hash the revealed server seed and check it matches the hash shown in step 1. If it matches, the operator couldn't have changed the seed after you bet.
  5. Recompute each crash point: compute HMAC_SHA256(serverSeed, clientSeed:nonce) for each round, take the first 13 hex chars, derive h, and apply the formula. The result must match the crash points you observed.
Tools you can use

You don't need to trust a calculator — any SHA-256/HMAC tool (including offline ones) reproduces these values. Reputable operators also publish their own verifier and the exact derivation. If a site can't show you the seeds and the formula, it is not meaningfully provably fair.

How each operator implements it

What verification does — and doesn't — prove

Be precise about the guarantee:

In short: provably fair is a powerful, checkable integrity guarantee — and a great reason to prefer crypto originals over black-box RNG. It is not a route to profit. The maths in our strategy guide still holds: EV = −(house edge), verified or not.

Frequently asked questions

How is a crash game's crash point calculated?

From a cryptographic hash of the server seed, your client seed and a nonce. The first 13 hex characters of the hash form a 52-bit fraction h, and crashPoint = floor((100 − houseEdge)/(1 − h))/100. The hashed server seed is committed before the round and revealed after, so you can verify it.

What does provably fair actually guarantee?

That the result was fixed before you bet and was not manipulated round-by-round — you can recompute it and check the server-seed hash matches. It does not make the odds good: the house edge is still built into the formula and the game remains negative-EV.

Why do higher house-edge crash games bust early more often?

Because the instant-bust frequency at 1.00x equals the house edge: about 1% of rounds at 99% RTP, 3% at 97%, 5% at 95%. A higher edge literally forces more rounds to bust immediately.

Can I verify a crash result without trusting the casino's tool?

Yes. Any independent SHA-256/HMAC tool reproduces the same hash, so you can recompute the crash point from the revealed seeds yourself and confirm it matches both the published hash and the observed result.

Formula and derivations reflect the standard industry model; exact implementation details (hash function, hex-digit count) can vary slightly by operator — always check the operator's own fairness documentation. Educational content, 18+.