Randomness is extremely important for secure encryption. Each new key that a computer uses to encrypt data must be truly random so that an attacker won’t be able to figure out the key and decrypt the data. However, computers are designed to provide logical outputs based on a given input. They aren’t designed to produce the random data needed for creating unpredictable encryption keys.
The real world is a much better source of random data, because physical events are unpredictable. Lava lamps are a very practical source of this, as the lava never takes the same shape twice, which makes it truly unpredictable.
Around 100 lava lamps have been arranged in the Cloudflare office with mounted cameras pointing at them. The cameras take a photo at regular intervals, and each photo is sent to Cloudflare's servers. A digital image is essentially a series of numbers, with each pixel having its own numerical value assigned to it. This way each image provides a string of unpredictable numbers that is used to create truly secure encryption keys.
Previous attempts to produce random keys have been limited. This is because computers run on logical operations, so you get an expected output if certain conditions are met. This is obviously how it should work, I mean you wouldn’t want your phone to call a different number than the one you put in. But in the case of producing encryption keys, this is the opposite of what you want.
A software program called a pseudorandom number generator (PRNG) has been used to generate random data. It takes an unpredictable input and generates multiple random outputs. However, it's difficult to prove that the results it generates will be random every time.
A CSPRNG (cryptographically secure PRNG) is the method that Cloudflare has adopted with the lava lamps. It meets requirements that a plain PRNG did not, such as attackers not being able to predict the outputs even if they have partial access to the program. The CSPRNG needs random data as a starting point (a seed) from which to produce more random data. Cloudflare feeds the random data from the lava lamps through the CSPRNG to create truly random keys.
Some operating systems have their own source of random data via user input, like mouse clicks and scrolling, but this data is collected much more slowly. It can also be mixed in with the lava lamp data to further ensure unpredictability.
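The pipeline described above (camera frames as numbers, conditioned into a seed, mixed with the operating system's own entropy, and fed through a CSPRNG to produce keys) is shown below as an added illustration. This is not Cloudflare's code: the two "frames" are small constructed byte strings standing in for real photographs, `condition` and `HmacDrbg` are hypothetical names, and the generator is a simplified HMAC-SHA256 construction modelled on the update/generate structure of NIST SP 800-90A HMAC_DRBG (no personalization string or reseed counter).

```python
import hashlib
import hmac
import os

# Constructed sample "camera frames". In the real deployment these would be
# the pixel bytes of photographs of the lava lamps; here two small frames are
# built from a few bytes so the example runs offline.
FRAME_A = bytes([0x12, 0x7F, 0x03, 0xE1, 0x55, 0x9A, 0x40, 0x6D] * 4)
FRAME_B = bytes([0x13, 0x7E, 0x03, 0xE0, 0x56, 0x9A, 0x41, 0x6C] * 4)


def condition(*sources: bytes) -> bytes:
    """Collapse raw entropy sources into one fixed-size seed.

    Raw pixel data is not uniformly random (neighbouring pixels correlate and
    much of a frame barely changes), so it is hashed rather than used directly.
    Each input is length-prefixed so different source lists never hash alike.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()


class HmacDrbg:
    """Minimal HMAC-SHA256 deterministic random bit generator (hypothetical).

    Follows the K/V update and generate steps of NIST SP 800-90A HMAC_DRBG in
    simplified form. Knowing outputs does not reveal K, so an observer who
    sees generated keys still cannot predict the next ones.
    """

    def __init__(self, seed: bytes):
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        self.k = hmac.new(self.k, self.v + b"\x00" + data, hashlib.sha256).digest()
        self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
        if data:
            self.k = hmac.new(self.k, self.v + b"\x01" + data, hashlib.sha256).digest()
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()

    def reseed(self, extra: bytes) -> None:
        """Mix further entropy (for example a newly captured frame) into the state."""
        self._update(extra)

    def generate(self, n: int) -> bytes:
        """Produce n output bytes, then ratchet the state forward."""
        out = b""
        while len(out) < n:
            self.v = hmac.new(self.k, self.v, hashlib.sha256).digest()
            out += self.v
        self._update(b"")
        return out[:n]


def derive_keys(frames, os_entropy: bytes, n_keys: int, key_len: int = 32):
    """Seed a DRBG from camera frames plus OS entropy and draw n_keys keys."""
    seed = condition(*frames, os_entropy)
    drbg = HmacDrbg(seed)
    return [drbg.generate(key_len) for _ in range(n_keys)]


if __name__ == "__main__":
    # os.urandom draws from the kernel pool, which on a desktop includes the
    # slower user-input entropy (mouse and keyboard timings) mentioned above.
    for key in derive_keys([FRAME_A, FRAME_B], os.urandom(32), n_keys=3):
        print(key.hex())
```

Two details matter for a defender reading this: the frames are hashed into a seed rather than used as key material directly, because pixel data is far from uniform, and the OS entropy is combined into the same seed, so an attacker would have to know every source (the frames and the kernel pool) to reproduce a key.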
You might also be wondering what if someone stands in front of the lava lamps? Well, that obviously happens all the time in busy Cloudflare offices and it just adds to the randomness!