Slashdot Mirror


How Cloudflare Uses Lava Lamps To Encrypt the Internet (zdnet.com)

YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flows through Cloudflare's network. ZDNet reports: Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudflare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center and Linux kernels, which then seed the random number generators used to create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data." Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.
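Worked example of the pipeline the summary describes (a camera frame conditioned into a seed, then expanded by a deterministic generator), written for this page and not Cloudflare's own code; the constructed frames, the 16-distinct-values health check and the HMAC construction are assumptions.

```python
"""Added illustration of LavaRand-style seeding (not Cloudflare's code):
a noisy camera frame is conditioned into a 32-byte seed with SHA-256 and
expanded by an HMAC chain shaped like HMAC_DRBG. Frames are constructed."""
import hashlib
import hmac
import random

FRAME_LEN = 64 * 64  # constructed: one 8-bit sample per pixel

def make_frame(noise_seed: int, flip_pixel: int = -1) -> bytes:
    """Constructed photograph: a smooth gradient (lamp and room) plus per-pixel
    sensor noise; flip_pixel alters one sample to model a second exposure."""
    rng = random.Random(noise_seed)  # deterministic only so the demo repeats
    pixels = bytearray((i // 64) * 3 + rng.randrange(8) for i in range(FRAME_LEN))
    if flip_pixel >= 0:
        pixels[flip_pixel] ^= 0x01
    return bytes(pixels)

def frame_is_usable(frame: bytes, min_distinct: int = 16) -> bool:
    """Health check: a frame with very few distinct byte values (dead sensor,
    lens cap on) cannot carry entropy. The threshold is an assumed value."""
    return len(frame) >= FRAME_LEN and len(set(frame)) >= min_distinct

def condition_frame(frame: bytes) -> bytes:
    """Extractor step: hash the non-uniform pixels so every bit of sensor noise
    influences every seed bit. Degenerate frames are refused, never hashed."""
    if not frame_is_usable(frame):
        raise ValueError("degenerate frame; refusing to seed from it")
    return hashlib.sha256(frame).digest()

def expand(seed: bytes, n_blocks: int) -> bytes:
    """Expand a seed into n_blocks * 32 bytes (K stays internal, V is advanced and
    emitted). Output is a pure function of the seed, so seeds must be secret and fresh."""
    k = hmac.new(b"\x00" * 32, seed, hashlib.sha256).digest()
    v = hmac.new(k, b"\x01", hashlib.sha256).digest()
    out = bytearray()
    for _ in range(n_blocks):
        v = hmac.new(k, v, hashlib.sha256).digest()
        out += v
    return bytes(out)

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    a, b = make_frame(1234), make_frame(1234, flip_pixel=2048)
    out_a, out_b = expand(condition_frame(a), 4), expand(condition_frame(b), 4)
    print("input bits differing:", differing_bits(a, b))
    print("output bits differing:", differing_bits(out_a, out_b), "of 1024")
```

A single changed sample in the frame gives an unrelated output stream, while the same seed always reproduces the same stream, which is why a fixed or observable seed is unusable.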

20 of 110 comments

  1. Also known as LavaRand by XXongo · · Score: 5, Interesting

    https://en.wikipedia.org/wiki/... Lavarand was a hardware random number generator designed by Silicon Graphics that worked by taking pictures of the patterns made by the floating material in lava lamps, extracting random data from the pictures, and using the result to seed a pseudorandom number generator.[1] Although the secondary part of the random number generation uses a pseudorandom number generator, the full process essentially qualifies as a "true" random number generator due to the random seed that is used. However, its applicability is limited by its low bandwidth.

  2. Looks like someone paid attention in physics class by RightwingNutjob · · Score: 2

    The universe is full of randomness that's hard to predict. The triumph of digital electronics is that they eliminate the randomness almost completely when abstracted up from electron/hole pairs in semiconductors to the realm of bits and bytes. That means you can't get randomness out of it, no matter how theoretically secure your algorithm--you need to go back to the messiness of physical space for that. Well done.

  3. Re: Why not just a hardware random generator ? by Anonymous Coward · · Score: 4, Funny

    Women are completely unpredictable, just use them.

  4. Lava lamps are VERY deterministic! by Rick+Schumann · · Score: 3, Interesting

    Have you ever watched a lava lamp for a while? Especially one that's been around for a while? They're incredibly deterministic.
    I would think this would be a better source: http://random.irb.hr/

    1. Re:Lava lamps are VERY deterministic! by zm · · Score: 2

      Have you ever watched a lava lamp for a while? Especially one that's been around for a while?

      Yeah.. Entropy ain't what it used to be... Sigh.

      --
      Sig ?
    2. Re:Lava lamps are VERY deterministic! by barbariccow · · Score: 2

      No, but it doesn't matter. That's the beauty of using LIGHTS. They affect the parts of the picture which don't change, i.e. the bottom of lamps or the air between the lamps. Including dust and distortion, a high-res picture can provide a lot of entropy. Could even have multiple layers to it. Consider the bits in the raw picture are used modulus 64 to select one of 64 solid colours. Then, you create a diff map of that solid colour vs the pixel value as the final entropy bits. That simplistic example would add a measure of change to even the parts of the picture which could never be covered by dust, are not affected by the light source at the camera resolution used, etc.

    3. Re:Lava lamps are VERY deterministic! by guruevi · · Score: 2

      If you figured out fluid dynamics IN YOUR HEAD, you shouldn't be posting on /. Einstein.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  5. bps? by Cajun+Hell · · Score: 3, Interesting

    I'm not saying it's a bad idea, but Cloudflare must need a lot. How many bps of entropy can you get per lava lamp?

    --
    "Believe me!" -- Donald Trump
    1. Re:bps? by suutar · · Score: 2

      Seed one PRNG, pull out N values and use those as seeds for other stuff? Reseed often enough to avoid the PRNG's cycle and what you pull out should stay unpredictable.

    2. Re:bps? by AmiMoJo · · Score: 3, Informative

      But why bother? You can use a simple quantum noise source made from a saturated silicon P-N junction (half a transistor) that puts up a few million bits per second. Balance and whiten them and you can easily get 2 million truly random bits per second for parts costing a couple of Euros. I built one as a little hobby project.

      Just using a microcontroller's built-in temperature sensor I've managed to get close to 3Mb/sec. It all passes the standard tests (Diehard, NIST etc.)

      Cloudflare's systems are just gimmicks. Interesting ones, but not serious.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
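
Added example (my code, not the commenter's build) of the "balance and whiten" step a diode noise source needs: a constructed biased bit stream, the von Neumann debiaser, and the bias and yield it leaves; the 0.7 raw bias and the sample sizes are assumptions.

```python
"""Added illustration of the 'balance and whiten' step a diode noise source
needs (my code, not the commenter's build). A biased raw bit stream is
constructed, debiased with the von Neumann extractor, and measured."""
import random

def biased_bits(n: int, p_one: float, seed: int) -> list:
    """Constructed raw source: independent bits that are 1 with probability
    p_one, standing in for the uneven comparator output of a noise junction."""
    rng = random.Random(seed)  # fixed seed only so the demo is repeatable
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def von_neumann(bits: list) -> list:
    """Take bits in non-overlapping pairs: (0,1) -> 0, (1,0) -> 1, equal pairs
    are discarded. For independent bits with constant bias P(01) == P(10), so
    the output is exactly unbiased; it is not a fix for correlated bits."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out

def ones_fraction(bits: list) -> float:
    """Empirical bias: fraction of ones (0.5 is balanced)."""
    return sum(bits) / len(bits) if bits else 0.0

def expected_yield(p_one: float) -> float:
    """Output bits per raw bit: a pair survives with probability 2p(1-p) and
    gives one bit, so per raw bit the rate is p(1-p). This sets how much raw
    rate the source must deliver for a given whitened rate."""
    return p_one * (1.0 - p_one)

if __name__ == "__main__":
    raw = biased_bits(20_000, 0.7, seed=1)
    clean = von_neumann(raw)
    print(f"raw bias {ones_fraction(raw):.3f}, whitened bias {ones_fraction(clean):.3f}")
    print(f"yield {len(clean) / len(raw):.3f} (expected {expected_yield(0.7):.3f})")
```
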
  6. Pseudo-Nerdery by Anonymous Coward · · Score: 5, Interesting

    Lava lamps are giant blobs of cohesive goo. Unpredictable as they are, their entropy is pretty low.

    We had an old slashdotter on here a few years ago who made specialised RNG generating cards. They used unpredictable random static noise and filters to generate extremely high quality random data. Apparently their cards were so good, they discovered flaws in some kind of "Die Hard" suite of statistical tests. I think the cards retailed for ~$30 IIRC.

    That's nerdery. That's going the distance. Using lava lamps? That's hipster shit. Pseudo-nerdery. Someone who, for whatever direction their lives have taken them, thinks they're a nerd, but really they're at best a geek who can follow a cookbook. And most of the internet won't be able to tell the difference.

    The real nerds don't get stories written about them anymore.

    1. Re:Pseudo-Nerdery by legoleg · · Score: 5, Informative

      From way back in 2006, this looks like the guy you mention:

      https://slashdot.org/comments....

  7. Re:Why not just a hardware random generator ? by corychristison · · Score: 4, Informative

    I'd say it's a gimmick, if anything.

    Truth is there are other/better/easier sources to generate entropy seeds from.

  8. lava lamps really needed? by supernova87a · · Score: 2

    Is the lava lamp really the source of most of the randomness, or is it kind of a gimmick that people can say and understand? I mean, c'mon, the noise in the camera itself is probably already enough, right? They're taking the Nth decimal place of some characteristic of the entire image -- the lava really isn't that important, is it?

  9. Patented by Bruce+Perens · · Score: 3, Informative

    Lavarand is the subject of this patent and I wonder if CloudFlare has a license? Insert comments on the frivolity of the patent and of the patent system below.

    I suspect that the noise of the camera sensor contributes as much randomness as the lava lamp. And it's thermal or quantum noise, so probably a good random source.

  10. Re:Looks like someone paid attention in physics cl by TechyImmigrant · · Score: 2

    The universe is full of randomness that's hard to predict. The triumph of digital electronics is that they eliminate the randomness almost completely when abstracted up from electron/hole pairs in semiconductors to the realm of bits and bytes. That means you can't get randomness out of it, no matter how theoretically secure your algorithm--you need to go back to the messiness of physical space for that. Well done.

    That's what metastability is for. It's how the entropy source in your CPU works and it's a heck of a lot more efficient and fast than a bunch of lava lamps.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  11. Re:Looks like someone paid attention in physics cl by Waffle+Iron · · Score: 3, Funny

    it's a heck of a lot more efficient and fast than a bunch of lava lamps.

    I made my lava lamp RNG much more efficient by installing LED bulbs in the lamps.

    It's also much faster now. No matter how fast I read out bits, I get the same results.

  12. Re:Mostly PR gimmick. by atisss · · Score: 2

    That would also be more secure, as it can't be observed and intercepted.
    There have been several cases where a flaw found in a PRNG affected the security of the resulting cryptographic key.
    If you want a secure key, you need a secret random seed, not one that can be publicly observed and replayed/repeated.

  13. Re:Why not just a hardware random generator ? by Hognoxious · · Score: 3, Funny

    3. You can actually SEE that the thing is working correctly, unlike a radioactive source.

    You can hear it. It makes a clicking sound. Have you never seen a movie?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. Earthquake! by mnemotronic · · Score: 2

    Power failure!
    Seed = 00000000000000000000000000000000000000000000000000000

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.