Skip to main content
🎲
🧠 Understanding randomness

Under the Hood of TirageAuSort.io: How Our Draws Are Fair

How our online random draws are designed to be reliable: Math.random vs crypto, verifiable fairness, and transparent code, explained simply.

6 min de lecture Rédaction TirageAuSort.io

Under the Hood of TirageAuSort.io: How Our Draws Are Fair

You launch Coin Flip on the site. You watch the coin spin, land, and show Heads. But what really happened between your click and that result? And more importantly: why should you trust us for a reliable online random draw?

This article opens the hood. Not to show off, nor to drown the topic in jargon — quite the opposite: so that by the end of your reading, you can verify for yourself that everything is in order. Transparency is not a slogan; it is a concrete practice. Here is how our draws are built, what guarantees their fairness, and the simple steps that let you check it without being a developer.

How a Computer “Draws Lots”

A first point of honesty: a computer cannot produce pure randomness. It produces calculated randomness. The difference is subtle, but it matters.

When you flip a real coin, the outcome depends on a thousand unpredictable factors: the force of your thumb, air resistance, the irregularity of the coin, the floor where it lands. When you click our button, the computer instead performs a mathematical calculation designed to produce sequences of digits so irregular that, in practice, they cannot be predicted. This calculation has a name: a pseudo-random number generator.

Concretely, your browser (Chrome, Firefox, Safari, Edge) ships with two different tools:

  • Math.random() — the general-purpose function. It is fast, uniformly distributed, and largely sufficient for flipping a coin, rolling a die, or picking a name from a list. Modern browsers implement it with an algorithm called xorshift128+, which produces sequences indistinguishable from true randomness to the naked eye.
  • crypto.getRandomValues() — the cryptographic version. Slower but unpredictable even for an attacker observing thousands of previous results. This is the standard tool for generating passwords or security keys.

On TirageAuSort.io, we use the first one for the vast majority of games (Coin Flip, Virtual Dice, Wheel of Fortune, card draws) and the second one for sensitive tools: Password Generator, Random Color, Random Date. The right tool in the right place. It is a deliberate technical decision, not a default choice.

The Four Guarantees of Fairness

Choosing the right generator is not enough. A draw can still be biased if it is poorly coded around it. Four rules govern every game on the site.

A Uniform Distribution

On Coin Flip, Heads must come up 50% of the time and Tails 50% — not 49/51. On the Number Generator between 1 and 100, every integer must have exactly a 1% chance. It seems obvious, but a classic mistake is to use the modulo operator (the remainder of a division) on the raw output of the generator, which introduces a tiny but real bias on certain ranges. We avoid this trap with the standard method recommended by the official Web documentation: multiply the result by the upper bound and round down. Result: across 10,000 draws, the spread between values stays statistically insignificant.

No Memory Between Draws

Each click is an independent event. The site does not memorize your previous results to “balance out” the next ones — that would be precisely the gambler’s fallacy applied to code, and we devote an entire article to it. If you flip seven Heads in a row, the eighth flip still has a 50% chance of being Heads. It is unpleasant for intuition, but it is rigorously what our code produces.

Everything Happens in Your Browser

This is probably the most important point. TirageAuSort.io is a static site: there is no server that “decides” your result. When you click, the calculation runs on your own machine, in the JavaScript code you downloaded when you arrived on the page. This makes any server-side manipulation technically impossible — there is no server. It also makes the code consultable, which leads us to the next point.

The Right Tool for the Right Use

Take the password example again. If we used Math.random() to generate a 16-character key, two people visiting the site within the same millisecond could, theoretically, end up with partially predictable passwords. With crypto.getRandomValues(), that risk vanishes: the generator draws directly from the operating system’s entropy sources (mouse movements, keystrokes, network events), in line with NIST recommendations on security. Where the quality of randomness has consequences, we step up a level.

How to Check for Yourself

Here is the part that makes this article different: you do not have to take our word for it.

Test #1 — Read the code. On any page of the site, hit the F12 key. A window opens: these are the developer tools, built into your browser for years. Look for the “Sources” or “Debugger” tab. There you will find the JavaScript executed on the page, in plain text. Search for Math.random or crypto.getRandomValues: you will literally read the line that produces your result. No obfuscation, no hidden third-party service call.

Test #2 — The distribution. Run Coin Flip a hundred times in a row. Note the results. You should land around 50/50, with a possible spread of plus or minus ten or so. If you want to be more rigorous, open the browser console (still F12, “Console” tab) and type: let p = 0; for (let i = 0; i < 10000; i++) if (Math.random() < 0.5) p++; p — you will see a number between 4,900 and 5,100. That is mathematical randomness, with no stagecraft.

Test #3 — The coherence. The site is an independent French-language project, with no investor and no ad network that would have an interest in skewing the draws. The only asset we protect is the trust you grant to a tool used to settle a real decision. Cheating would be economically absurd, technically detectable, and ethically disqualifying for the rest of the project.

Randomness Is a Lousy Marketing Pitch

Many sites talk about “certified draws” without specifying by whom or with what method. Our approach is the opposite: no label, no vague promise — just two standardized Web functions, used correctly, executed locally, and readable by anyone who opens the developer tools. If tomorrow someone identifies an error in our code, it will be public by construction and fixed. That is the practical definition of a reliable online random draw: not a marketing argument, but a technical contract you can audit.

To dig deeper, you can read our articles on why we removed casino games, on the signs of problem gambling, and on the real probabilities of Coin Flip — the practical test of this fairness over 10,000 flips, with the standard deviation and the log₂(N) formula to understand why 13 consecutive heads is nothing exceptional. Engine transparency is the first step; understanding what is happening in your head is the logical next one.

Questions fréquentes

Are my results truly random?

Yes, as random as a computer can be. For decision games (Coin Flip, Dice, Wheel of Fortune), we use the browser's built-in random algorithm, which produces a uniform distribution: across 10,000 coin flips, you'll get between 4,900 and 5,100 heads. For sensitive tools such as the Password Generator, we use a stronger cryptographic generator. No draw is weighted, memorized, or replayed: the result is computed locally, in your browser, the moment you click.

Do you sell my personal data?

No. Draws happen entirely in your browser — nothing is sent to a server, so there is nothing to resell. The site asks for no sign-up, no email, no profile. The only data collected concerns anonymized audience metrics (number of visitors, page views, country) through standard analytics tools. Our privacy policy spells this out in plain language.

Why does my favorite number never come up?

Because human memory holds onto striking results and forgets the rest. On the Number Generator between 1 and 100, your favorite number has exactly a 1% chance of appearing on each draw — no more, no less. If it feels like it 'never comes up,' it is almost always a perception effect: you notice the times it is missing, not the times it lands. This is called confirmation bias, and it is a close cousin of the gambler's fallacy.

Can the code really be verified by anyone?

Yes. TirageAuSort.io is a static frontend site: every line of code that calculates a draw runs in your browser, so it is downloaded in plain text on your machine. A right-click and 'View page source,' or opening the developer tools (F12 key), is enough to see the functions at work. You can literally read the line that calls Math.random() or crypto.getRandomValues(). No part of the draw is hidden behind a server-side black box.

Pour essayer

Articles liés