How to shuffle cards
Just read a classic 1999 paper, "How We Learned to Cheat at Online Poker: A Study in Software Security" by Arkin, Hill, et al. The security researchers found horrible weaknesses in the algorithm that an online poker site used to shuffle cards. Basically, just by looking at their own hand and the first 3 cards on the table, the researchers could, with almost 100% certainty, figure out the order of cards in the deck and everyone else’s hand — thus, totally pwning at poker.
If you are in the business of designing card-shuffling software, it is worthwhile to pay attention to this debacle.
First, the correct way to shuffle cards with a computer is using the following algorithm:
    for i = 0..50
        j = random number in i..51
        swap card[i] and card[j]
Second, it is absolutely vital to use a truly unguessable seed for your pseudorandom number generator. Using the system clock, as is common programming practice, is a Bad Idea (since the bad guys know approximately what the system clock reads and can therefore guess the sequence that your PRNG is going to output). If you are using Linux, you should instead use /dev/random, which gets its entropy from such sources as disk, network, and keyboard activity (and on a busy poker server, you are sure to have lots of network activity).
And third, it is a good idea to use a 64-bit pseudorandom number generator, just in case the bad guys have a way of searching through a 32-bit space in the time of a poker match (or worse, if the bad guys have a fix on your random seed and can thus cut down a standard PRNG's 32-bit space to something more reasonable).
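The shuffle above in Python, as an added example that is not from the paper or from any poker site's code. It draws each j from the operating system's CSPRNG through the standard secrets module (swapped in here for reading /dev/random directly), and then enumerates every possible run on a 3-card deck to show why j must come from i..n-1: the look-alike variant that picks j from the whole deck (naive_choices, a name made up for this example) does not produce every ordering equally often.

```python
import secrets
from collections import Counter
from itertools import product


def fisher_yates(deck, randbelow=secrets.randbelow):
    """Return a shuffled copy: swap card[i] with card[j], j uniform in i..n-1."""
    cards = list(deck)
    n = len(cards)
    for i in range(n - 1):            # i = 0..50 for a 52-card deck
        j = i + randbelow(n - i)      # uniform in i..n-1, no modulo bias
        cards[i], cards[j] = cards[j], cards[i]
    return cards


def correct_choices(i, n):
    """Allowed j values at step i in the algorithm above."""
    return range(i, n)


def naive_choices(i, n):
    """Look-alike variant: j may be any position in the deck."""
    return range(n)


def outcome_counts(n, choices):
    """Walk every possible sequence of j values and count the final orderings."""
    counts = Counter()
    for js in product(*(choices(i, n) for i in range(n))):
        cards = list(range(n))
        for i, j in enumerate(js):
            cards[i], cards[j] = cards[j], cards[i]
        counts[tuple(cards)] += 1
    return counts


if __name__ == "__main__":
    print("shuffled deck:", fisher_yates(range(52)))
    print("correct, 3 cards:", sorted(outcome_counts(3, correct_choices).values()))
    print("naive,   3 cards:", sorted(outcome_counts(3, naive_choices).values()))
```

The correct variant has 3! = 6 equally likely paths, one per ordering. The naive variant has 3^3 = 27 paths, which cannot divide evenly among 6 orderings, so some hands come up more often than others even with a perfect random source.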