Verifiable Random Selection - Advice
The RFC has more detail and rationale, but here's the quick version:
- Construct and publish your list of things to choose from. If this involves people making submissions, publish a date and exact time (with timezone) after which no more applications will be accepted.
- Do not change the list after that date. If entries must be withdrawn, just put a line through them and, if the algorithm picks them, use the next one.
- Publish an ordered list of 3 specific sources of randomness. I strongly suggest draws from the UK National Lottery - specify both the game names and the dates concerned. Currently, the "Daily Play" game draws every day except Sunday. If you don't use this, read the RFC for more advice.
- Insert the list and the random values into the web app, once the draws have been made.
- Click "Get Result" as many times as necessary.
- Invite other interested parties to check your working.
- For bonus points, construct and compile the C source code to reproduce the results and so check there's no bug in the web app ;-)