How Cloudflare Uses Lava Lamps To Encrypt the Internet (zdnet.com) 110
YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flow through Cloudflare's network. ZDNet reports: Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudfare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center and Linux kernels which then seed random number generators used to create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data." Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.
Also known as LavaRand (Score:5, Interesting)
Re: (Score:2)
Lavarand was a hardware random number generator designed by Silicon Graphics that worked by taking pictures of the patterns made by the floating material in lava lamps
That's one of the first statements he made in the video.
Old news (Score:2)
Modernize: Replace lamp with GPU (Score:2)
And as the Wikipedia article states later, this technology dates to 1997, and includes a link to the patent from 1998. So this is not news.
Fine, modernize the system. Replace the incandescent light bulb with a GPU mining cryptocurrency. :-)
Re: (Score:2)
Well, the patent has either expired or is just about to. So the news is it'll soon be available to anyone.
Darn (Score:2)
It's older than /.
Re: (Score:1)
I remember reading about it in the 90s in an Economist column in the science section.
Re: (Score:2)
In this article [nytimes.com] from the NY Times, people from SGI say that they eventually gave up on the lava lamps and just took pictures of the lens cap which meant that they were essentially using electronic noise!
Fascinating!
I also recall that in the early 2000s Google was using this very technique. You could go online and view images of the lavalamps. Unfortunately I can't find any good references to it. Sorry!
Will
Re: Why not just a hardware random generator ? (Score:4, Funny)
Women are completely unpredictable, just use them.
Re: (Score:1)
You win the Internet for the rest of the day.
Enjoy.
Re:Why not just a hardware random generator ? (Score:5, Informative)
I'd say it's a gimmick, if anything.
Truth is there are other/better/easier sources to generate entropy seeds from.
Re: (Score:1)
Truth is there are other/better/easier sources to generate entropy seeds from.
I thought the same thing at first. Then realized that:
1. You really only need to generate a new seed very sporadically.
2. Insiders that can see the damn thing are unlikely to choose this as an attack path since they have so many far better ones.
3. You can actually SEE that the thing is working correctly, unlike a radioactive source.
All in all, it sounds like an OK solution, though it does have a gimmicky sort of look to it.
Re:Why not just a hardware random generator ? (Score:4, Funny)
You can hear it. It makes a clicking sound. Have you never seen a movie?
Re: (Score:2)
Well, it isn't hard to build a simple circuit [makezine.com] that generates randomness from semiconductor junction noise, but pointing a video camera at a lava lamp is even easier and more within the skill set of an average software geek.
Re: (Score:2)
Yes, but we're not talking about design. We're talking about re-using existing design.
Only a complete fool would try to gin up his own pseudorandom number generator algorithm; you look a good one up in a book. We're not even talking about that here; we're talking about using somebody else's scheme.
Re: (Score:2)
opinion discarded
From an AC? Now I've seen everything.
Re: Why not just a hardware random generator ? (Score:2)
But ON a shelf. Not OFF the shelf.
But hey! It is working, easy to explain to anyone brighter than a box of darkness and most important: it's a really cool thing to show visitors on a tour through the office.
Come on, how many tech companies would show guests actual production hardware and even if, how often would it be some dull boxes in a Datacenter
Re: (Score:1)
The lava lamp can’t be backdoored like that hardware can.
Apple's Lavarand wall would have both color and IR (Score:2)
The lava lamp can’t be backdoored like that hardware can.
But the camera software can, and the image processing software can, etc.
... Apple's Lavarand wall would have both color and IR cameras. ;-)
Are the cameras visible color spectrum or IR? The former could be spoofed with a photo, no need to backdoor the software.
FWIW
Re: (Score:2)
The former could be spoofed with a photo
No, because even a static photo will still have plenty of sensor noise. You could put the lens cap on, and it would work just as well.
Re: Why not just a hardware random generator ? (Score:1)
Because there is no known general analytical solution to the Navier-Stokes equation. It is a hardware rng.
Looks like someone paid attention in physics class (Score:3)
Re: (Score:3)
The universe is full of randomness that's hard to predict. The triumph of digital electronics is that they eliminate the randomness almost completely when abstracted up from electron/hole pairs in semiconductors to the realm of bits and bytes. That means you can't get randomness out of it, no matter how theoretically secure your algorithm--you need to go back to the messiness of physical space for that. Well done.
That's what metastability is for. It's how the entropy source in your CPU works and it's a heck of a lot more efficient and fast than a bunch of lava lamps.
Re:Looks like someone paid attention in physics cl (Score:4, Funny)
it's a heck of a lot more efficient and fast than a bunch of lava lamps.
I made my lava lamp RNG much more efficient by installing LED bulbs in the lamps.
It's also much faster now. No matter how fast I read out bits, I get the same results.
Re: Looks like someone paid attention in physics c (Score:1)
Re: (Score:2)
Lava lamps are VERY deterministic! (Score:4, Interesting)
I would think this would be a better source: http://random.irb.hr/ [random.irb.hr]
Re: (Score:2)
Yeah, my first thought was - this is more like a random number generator for which you know the salt.
Re: (Score:2)
Did you watch the video? The total sum of all the inputs is extremely random.
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Have you ever watched a lava lamp for a while? Especially one that's been around for a while?
Yeah.. Entropy ain't what it used to be... Sigh.
Re: (Score:2)
Re: (Score:2)
For just one lamp, you would need impractically accurate information of the lamp at a known time to feed into an impractically accurate model of the thermal and fluid dynamics of the lamp to predict its state. Then you'd need to frequently update said impractically accurate information to correct for the drift over time due to other factors that affect the state of the lamp (outside heating/coolin
Re: (Score:2)
yeah, get your random numbers fed from a plain-text source. Sure it's random, but if you want to use it for cryptography, it should problem remain secret.
Re: (Score:2)
They could create and deploy a safe truly-random generator, but couldn't do the tier-1 5 minute task of installing an SSL cert? They seem to not even CARE...
To enable high security, in future, SSL protocol shall be supported, i.e. all data shall be encrypted
Re: (Score:3)
If you figured out fluid dynamics IN YOUR HEAD, you shouldn't be posting on /. Einstein.
Re: (Score:2)
Either Cloudflare didn't notice that there's a superficial predictability to a lava-lamp, or you don't understand how their RNG leverages lava-lamps and chaotic fluid dynamics.
Which seems more likely?
bps? (Score:4, Interesting)
Re: (Score:2)
Re: (Score:3)
seed one PRNG, pull out N values and use those as seeds for other stuff? Reseed often enough to avoid the PRNG's cycle and what you pull out should stay unpredictable.
Re:bps? (Score:4, Informative)
But why bother? You can use a simple quantum noise source made from a saturated silicon P-N junction (half a transistor) that puts up a few million bits per second. Balance and whiten them and you can easily get a 2 million truly random bits per second for parts costing a couple of Euros. I built one as a little hobby project.
Just using a microcontroller's built in termperature sensor I've managed to get close to 3Mb/sec. It all passes the standard tests (Diehard, NIST etc.)
Cloudflare's systems are just gimmicks. Interesting ones, but not serious.
Re: (Score:2)
oh, sure, you can use other methods to get the random bits to seed the PRNG. I was just trying to respond to the question of how they can seed a bunch of stuff at once given the effective bit rate of a wall of lava lamps.
Re: (Score:2)
Or: seed one cryptographically secure RNG with 1024 bits of random state, and pull out as many values as you'd like.
Re: (Score:2)
That's certainly one way to avoid the cycle time :)
Re: (Score:2)
Re: (Score:2)
Next Version (Score:2)
Pop Rocks based encryption!
Pseudo-Nerdery (Score:5, Interesting)
Lava lamps are giant blobs of cohesive good. Unpredictable as they are, their entropy is pretty low.
We had an old slashdotter on here a few years ago who made specialised RNG generating cards. They used unpredicatable random static noise and filters to generate extremely high quality random data. Apparently their cards were so good, they discovered flaws in some kind of "Die Hard" suite of statistical tests. I think the cards retailed for ~$30 IIRC.
That's nerdery. That's going the distance. Using lava lamps? That's hipster shit. Pseudo-nerdery. Someone who, for whatever direction their lives have taken them, thinks they're a nerd, but really they're at best a geek who can follow a cookbook. And most of the internet won't be able to tell the difference.
The real nerds don't get stories written about them anymore.
Re: (Score:2)
Dieharder has a handful of suspect tests. You can safely ignore them.
What's worse is when the certification tests are broken. Here is this old slashdotter's evaluation: https://github.com/dj-on-githu... [github.com]
Re:Pseudo-Nerdery (Score:5, Informative)
From way back in 2006, this looks like the guy you mention:
https://slashdot.org/comments.... [slashdot.org]
lava lamps really needed? (Score:3)
Re: (Score:2)
I'm guessing not. I was wondering why they didn't just point a webcam out the window. Capture enough busy highway, sky, and pedestrian areas combined with the noise from the camera, and you're probably accomplishing the same thing.
Re: (Score:2)
Is the lava lamp really the source of most of the randomness, or is it kind of a gimmick that people can say and understand? I mean, cmon, the noise in the camera itself is probably already enough, right? They're taking the Nth decimal place of some characteristic of the entire image -- the lava really isn't that important, is it?
You are correct to question this and your intuition is correct. The noise in the camera provides more entropy by a large margin. The better choice would be to put the cap back on the camera lens, so the gain is cranked up and the noise is maximized.
Patented (Score:4, Informative)
Lavarand is the subject of this patent [google.com] and I wonder if CloudFlare has a license? Insert comments on the frivolity of the patent and of the patent system below.
I suspect that the noise of the camera sensor contributes as much randomness as the lava lamp. And it's thermal or quantum noise, so probably a good random source.
Re: (Score:2)
Patent expired on Jan 29th 2016
Re: (Score:2)
21 years already? Funny that I didn't even think of looking at that.
Re: (Score:2)
We ARE getting old. The patent was filed about the time I first tried Debian and Red Hat from mailer CD's
Re: (Score:1)
Maybe it's new?
Re: (Score:2)
The filing date of the patent (the date it's effective from) is Jan 29, 1996. US patents are good for twenty years. As I write this, it's Nov 8th 2017.
I'll let you do the math.
Obligatory Dilbert (Score:2)
http://dilbert.com/strip/2001-... [dilbert.com]
Re: (Score:2)
Obligatory XKCD: https://xkcd.com/221/ [xkcd.com]
Re: (Score:2)
RFC 1149.5 specifies 4 as the standard IEEE-vetted random number.
Another possible source (Score:2)
Just have me hit a golf ball off the tee - there's no way you can predict where that sucker's gonna land.
Re: (Score:2)
I think you're on to something! If you use a graphene drone to find out where the golf ball ends up, with some AI and blockchain -- damn that's gonna be huge!
... but are they Chinese-made Lava Lamps? (Score:2)
See subject.
..and in Singapore, they use a radioactive source. (Score:2)
Like from Caesium atoms?
Re: (Score:2)
Think a little about it. Does your camera is at exactly the same place? Did your camera CMOS chip have exactly the same defects as the one they use? Do you take your still images at exactly the same time? And there is so much parameters that make your easy hack not so easy. The easy hack would be to put some kind of spying apparatus behind their camera that send the information back to you, not putting another camera.
Re: (Score:2)
Re: (Score:2)
That would also be more secure, as it can't be observed and intercepted.
There have been several cases when flaw found in PRNG affects the security of resulting cryptographic key.
If you want secure key, you need secret random seed, not one that can be publicly observed and replayed/repeated
Re: (Score:2)
There have been several cases when flaw found in PRNG affects the security of resulting cryptographic key.
You can simply avoid this by using a PRNG based on a reputable and secure encryption algorithm. No need to do fancy stuff. Take a simple counter, counting 1, 2, 3, 4, 5... and feed that stream into an AES-256 block cipher.
Lava Lamp Randomness (Score:2)
But this book of random numbers gets 4 stars (Score:2)
No such thing as random (Score:2)
Random == An unrecognised pattern
Earthquake! (Score:3)
Seed = 00000000000000000000000000000000000000000000000000000
saw it on Star Trek: Discovery (Score:1)
nerd bait (Score:1)
If I were a cryptographer, I think I would literally jerk off at the idea of predicting future states of lava lamps to crack a large % of the world's encryption.
Re: (Score:2)