Freestyle Chess Randomizer

Random Chess960 positions you can verify later. No accounts required.

Seed Settings

Initializing session…

Positions use Scharnagl numbering 0–959 (960 total). Position #518 is the standard chess setup.

Randomness Distribution

By default, counts are summed into 24 bins (40 Scharnagl indices each) so the chart stays readable. Toggle to see all 960 bars. Data reflects generations across all users and should trend uniform over time.

Total generated (all users): 0   |   Most frequent index:   |   Unique positions: 0 / 960

Generation History

This history is saved locally in your browser (per device). It does not include generations from other users.

0 entries
Nonce Client Seed Index FEN Timestamp Action
No generations yet. Click "Generate Random Position" to start.

How verification works

A three-step commitment scheme. Glance at the cards below for the overview, or expand the deep-dive for the full protocol.

Commit

Server locks a secret; you only see its hash until reveal.

Draw

Each click runs HMAC(server seed, client seed + nonce) → uniform 0–959.

Reveal

Unlock the secret to verify past draws, then a fresh seed commits for new sessions.

Full technical deep-dive

This tool generates Freestyle (Chess960) positions in a way you can verify later. Think of it like a sealed envelope: the server commits to a secret first, then every result is derived deterministically from that secret plus your inputs.

  1. Server commitment: On page load the server creates a secret Server Seed, but only shows you its SHA-256 hash. That hash is the commitment: the server can’t change the seed later without the hash changing.
  2. Client seed: You provide a Client Seed (we generate one for you by default). This ensures the final results depend on something the server didn’t choose.
  3. How a position is picked (uniform): For each click, the server combines the Server Seed, your Client Seed, and the current nonce using HMAC-SHA256, then turns that into a number from 0–959. We use a tiny extra step (rejection sampling) to guarantee every one of the 960 positions is exactly equally likely.
  4. Nonce stays in order: Each click uses the next nonce number (0, 1, 2…). If your browser ever sends a nonce out of order (for example from a double-click or a delayed request), the server rejects it and the page resyncs to the correct next nonce.
  5. Race-proof updates: When the server advances the nonce, it does so with a “write only if nothing changed” safeguard (ETag / If-Match). So if two requests happen at the same time, only one can succeed.
  6. Verify anytime: Use Reveal secret · Start new session to reveal the Server Seed for the current session. You can then recompute every result yourself and confirm the server didn’t tamper with anything. After revealing, the server rotates to a fresh seed for future generations.

Use the revealed Server Seed, your Client Seed, the nonce, and (if shown) the retryCounter. The Copy verification payload button in the dialog includes everything needed.

Verify this session

The server seed for this session is now public. Recompute any draw with HMAC + your client seed and nonce list. A new server seed is already committed for the next session.

Revealed server seed
SHA-256 commitment (what you saw before reveal)
Client seed
Nonces used this session
New commitment hash (next session)

Per nonce (with rejection sampling when needed):

HMAC-SHA256(serverSeed, clientSeed + ":" + nonce [+ ":" + retryCounter])
→ first 8 hex chars → uint32 → if below threshold: index = uint32 % 960

External HMAC tools (optional):

devglan HMAC cryptotools HMAC