The Lava Lamps That Help Keep The Internet Secure


Computers aren’t very good at picking random numbers. Every part of a computer is designed to be predictable, and to follow logical patterns. You put the same numbers in, you’re going to get the same numbers out. Which is a problem, because all modern encryption, including that padlock up in your browser that tells you that you’re safe, all of that relies on big, properly random numbers. If you can somehow predict those numbers, you can start breaking those locks.

Which is why I’m here, at the headquarters of Cloudflare, in San Francisco. Cloudflare is a service that protects websites and web services, and sort of sits in front of them as a gatekeeper. Somewhere around 10% of the web flows through Cloudflare’s network. Cloudflare was one of the first companies to provide free SSL encryption for websites. So the connection between your web browser and the website you’re going to is fully encrypted and invisible for eavesdroppers to be able to look at. In short, these folks deal with a lot of encrypted Internet traffic, so they need a lot of random numbers.

It is possible to write code that will simulate randomness, and that’s good enough for a lot of uses, but in theory, those numbers could be predicted. They’re just being generated by code, so the servers here have to get their randomness from an external and entirely unpredictable source.

A lot of home computers treat their own users as sources of randomness, tiny twitches of mouse movement, the exact milliseconds between keystrokes, or on a phone maybe even the accelerometer or other sensors. In all those cases, they generally discard the bigger parts, the bits that could just be influenced by humans, and go off the tiny little decimal places, the bits that you couldn’t control precisely, even if you wanted to. But that sort of human interaction is nowhere near enough for an operation on this scale, hence lava lamps.

We videotape these lava lamps and take the pictures and video, and turn it into a stream of random, unpredictable bytes. And this unpredictable data is what we use to help create the keys that encrypt the traffic that flows through Cloudflare’s network. This data is then fed into our data centres and then fed into the Linux kernel which then uses it to help seed random number generators that are used to generate keys.

Every time that you take a picture with a camera there’s going to be some sort of static, some sort of noise. So it’s not only just where the bubbles are flowing through the lava lamp, it’s the state of the air, the ambient light, every tiny change impacts the stream of data. A cryptographic hash function is something that we use where even if you have one static image and one little bit changes, it changes the entire stream. So we use that to help scatter the randomness as much as possible.

We also collect randomness around the world. So in our London office, we have this thing called a chaotic pendulum. It has three pieces and it’s unpredictable in which way they twist and turn together. We videotape that and feed it into our randomness source, as well. In our Singapore office, we have a radioactive source that we use to feed into the randomness system, as well. So this is not just some stunt that we pulled, it’s actually being fed into our real systems.

Whether anything in the world is truly random is arguably a question of philosophy and not science. Maybe everything is just complicated clockwork. But these lava lamps are so chaotic that simulating that camera shot with perfect pixel accuracy, far enough ahead to be useful while figuring out everything else those images are being put through, it’s roughly the same level of difficulty as just brute-forcing the encryption in the first place. And even if you could simulate all that, you’d only have one piece of the puzzle.

These folks aren’t the first to do this. “Lavarand” was patented by a company called Silicon Graphics in 1996, but that only lasted a couple of years. Now of course, there are less flashy and more practical ways to generate random numbers, but then I wouldn’t be here. I would be at some other company who’d gone and, I don’t know, pointed a camera at a basket of kittens. That’d be a bit higher maintenance, though.
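Added example, not part of the video transcript and not Cloudflare's code: a sketch of the two ideas described above, that one changed bit in a frame changes the whole hash output, and that a camera frame is only one input mixed with others into a seed. The frame is constructed data, and `constructed_frame`, `flip_one_bit` and `mix_sources` are hypothetical names chosen for illustration; SHA-256 and the length-prefixed mixing are assumptions, since the video does not name the hash or the mixing scheme.

```python
import hashlib
import os

def constructed_frame(width=64, height=64):
    """Constructed stand-in for a camera frame (one byte per pixel)."""
    return bytes((x * 31 + y * 17) % 256 for y in range(height) for x in range(width))

def flip_one_bit(frame, bit_index):
    """Model the smallest possible sensor noise: flip a single bit of the frame."""
    out = bytearray(frame)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def frame_digest(frame):
    """Condense a whole frame into 32 bytes with SHA-256 (assumed hash)."""
    return hashlib.sha256(frame).digest()

def bits_changed(a, b):
    """Count differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def mix_sources(*sources):
    """Combine several entropy inputs into one 32-byte seed.

    Each input is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    cannot collide. Someone who knows only one input (say, the camera frame)
    still cannot predict the seed without the others.
    """
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(8, "big"))
        h.update(s)
    return h.digest()

if __name__ == "__main__":
    frame = constructed_frame()
    noisy = flip_one_bit(frame, 12345)
    changed = bits_changed(frame_digest(frame), frame_digest(noisy))
    print("input bits changed: 1, output bits changed:", changed, "of 256")

    # Same frame, but different local OS entropy on each call: seeds differ.
    seed_a = mix_sources(frame, os.urandom(32))
    seed_b = mix_sources(frame, os.urandom(32))
    print("same frame, same seed?", seed_a == seed_b)
```

The second half is why a replayed or observed frame is not enough on its own to predict a seed: the frame is hashed together with entropy the observer does not see.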

100 thoughts on “The Lava Lamps That Help Keep The Internet Secure”

  1. We just need to invent a little device that people can attach to their lava lamps and connect to their WiFi. When the device is turned on, it will record random data from the lava lamp and send it to a server. That way, anyone who has a lava lamp can help encrypt data.

  2. So they just hash the image and use that hash as a seed?

    Well I guess it's clever but not as interesting as I had hoped.

  3. Some networking gear uses voltages, temperatures, etc. from the processor's built-in sensors. Also they try to sample the cable length, fan encoder data at random intervals, or just the minor noise that makes it through the optocouple

  4. Idea, break into the attic and intercept the output of the camera with some radio controlled device and cross reference the images with the keys created to determine the hash algorithm, then simply feed in your own images and use the algorithm/previous knowledge to know what the new keys will be.

  5. The spacing of the lamps on the wall! They need to fix it STAT! The pattern is off too! I could never work there.

  6. See I guess being a hippie was a cool thing even back in the olden days right. I guess I won't laugh at the baby boomers anymore and their silly quirky stuff.

  7. from my count you got 125 lava lamps burning 25 to 40 watts each that is 3125 to 5000 watts on your electric bill.

    if all you are doing is to make a picture that can give you random numbers you could point a camera out the window and get the current weather and use that snapshot much cheaper.

    it may be possible to point a camera at an old analog tv and capture the snow and do the same thing

  8. Wait but what if you can hack the webcams and then predict the numbers for every website this service provides numbers for? Or do the workers get specialised training which makes it so only they can read the pixels?

  9. pci express lava lamp entropy device

    and who needs lava lamps when my eyes produce way more visual static than any camera

  10. I can’t wait to see: Entitled Kid steals lava lamp; causes millions of internet users to have data breached.

  11. There was a concept of filming air bubbles in an aquarium to get random data until they realized that by taping the camera black and using the noise data they got even better results.
    So I think this is mostly marketing.

  12. Lamp company: so how many lava lamps do you need?

    Cloudflare: I need about… hmmm… seven thousand two hundred and sixty four.

  13. Cloudflare :"we use Lava Lamps as a RNG"
    War-Gaming has entered the chat!

    for those that don't get the joke War-Gaming's World of Tanks/War-Ships/War-Planes games heavily use RNG almost every thing in the game is governed by RNG in one way or another

  14. Fish tanks would be better. Those lava lamps have been on for too long, they've gone cloudy 😛 – Wicked job though! – Well done.

  15. What I don't understand about this, is that the encryption key has to get to your computer somehow. It doesn't matter how the key is made, it still needs to be seen somehow.

  16. My question about this is how they handle such high amounts of requests. If they use high fps cameras (fe. 1000k fps) it would still only be able to handle 1000 requests per second on one site because if they get more requests they just weren't able to generate more randomness.
    So do they have multiple cameras or multiple rooms lava lamps, or do they cut the images down to just one lamp or sth else?
    Would be nice if someone had a good idea of how they probably do it 😉

  17. This is one of the most hilarious and amazing videos I've seen on this channel.

    Also the one that sounds the most like an April Fools joke.

  18. The internet is secure? That's great news. Now I can stop doubting. Now, all I need is my credit card details and call back james from Microsoft America and buy the Fire floor I need.

  19. “Computers aren’t very good at picking random numbers”

    A bit off tangent here but that’s precisely the reason why the simulation hypothesis is null. Unless of course randomness in the universe is not true randomness but a degree of human ignorance

  20. We have advanced so much with our technology. It's really a sad commentary on humans that we need to go to such great lengths to protect ourselves from so many threats. The large Corporation I worked for had to spend millions to protect their networks and data.

  21. Computers are not bad at generating random numbers. It is the programmers who are bad at writing software that generates random numbers. Don't put the blame where it doesn't belong.
