Cloudflare translates photos of 100 lava lamps into random data for use in SSL encryption. Here’s how it works:
Computers aren’t very good at picking random numbers. Every part of a computer is designed to be predictable and follow logical patterns: you put the same numbers in, you’re going to get the same numbers out. Which is a problem, because all modern encryption, including that padlock up in your browser that tells you that you’re safe, all of that relies on big, properly random numbers. If you can somehow predict those numbers, you can start breaking those locks. Which is why I’m here at the headquarters of Cloudflare in San Francisco.

Cloudflare is a service that protects websites and web services, and sort of sits in front of them as a gatekeeper. Somewhere around ten percent of the web flows through Cloudflare’s network. Cloudflare was one of the first companies to provide free SSL encryption for websites, so the connection between your web browser and the website you’re going to is fully encrypted and, you know, invisible for eavesdroppers to be able to look at. In short, these folks deal with a lot of encrypted Internet traffic, so they need a lot of random numbers.

It is possible to write code that will simulate randomness, and that’s good enough for a lot of users, but in theory those numbers could be predicted: they’ve just been generated by code. So the servers here have to get their randomness from an external and entirely unpredictable source. A lot of home computers treat their own users as sources of randomness: tiny twitches of mouse movements, the exact milliseconds between keystrokes, or on a phone maybe even the accelerometer or other sensors. In all those cases they generally discard the bigger parts, the bits that could just be influenced by humans, and use just the tiny little decimal places, the bits that you couldn’t control precisely even if you wanted to. But that sort of human interaction is nowhere near enough for an operation on this scale. Hence, lava lamps.

We videotape these lava lamps, and take the pictures and the video and turn it into a stream of random, unpredictable bytes, and this unpredictable data is what we use to help create the keys that encrypt the traffic that flows through Cloudflare’s network. This data is then fed into our data centers and then fed into the Linux kernel, which then uses it to help seed the random number generators that are used to generate keys. Every time that you take a picture with the camera there’s going to be some sort of static, some sort of noise, so it’s not only just the bubbles that are flowing through the lava lamp, but sort of the state of the air, the ambient light: every tiny change impacts the stream of data. A cryptographic hash function is something that we use where, even if you have one static image and one little bit changes, it changes the entire stream, so we use that to help scatter the randomness as much as possible.

We also collect randomness around the world. So in our London office we have this thing called a chaotic pendulum; it has three pieces and it’s unpredictable in which way they kind of twist and turn together. We videotape that and feed it into our randomness source as well. In our Singapore office we have a radioactive source that we use to feed into the randomness system as well. So this is not just some stunt that we pulled, it’s actually, you know, being fed into our real systems.

Whether anything in the world is truly random is arguably a question of philosophy and not science. Maybe everything is just complicated clockwork. But these lava lamps are so chaotic that simulating that camera shot with perfect pixel accuracy far enough ahead to be useful, while figuring out everything else those images are being put through, is roughly the same level of difficulty as just brute-forcing the encryption in the first place. And even if you could simulate all that, you’d only have one piece of the puzzle.

These folks aren’t the first to do this. LavaRand was patented by a company called Silicon Graphics in 1996, but that only lasted a couple of years. Now, of course, there are less flashy and more practical ways to generate random numbers, but then I wouldn’t be here, I would be at some other company who’ve gone and, I don’t know, pointed a camera at a basket of kittens. That’ll be a bit high-maintenance, though.
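As an added example (written here for illustration, not Cloudflare’s code), the two properties the engineer above describes can be checked in a few lines of Python: changing one pixel in a constructed camera frame flips about half the bits of the hashed seed, and a plain write to /dev/random mixes that seed into the Linux kernel pool without crediting entropy. The constructed frame, the counter-mode expansion and all function names are assumptions.

```python
import hashlib
import random

def constructed_frame(width: int = 64, height: int = 48, seed: int = 0) -> bytes:
    """Constructed 8-bit greyscale 'camera frame' standing in for a lava-lamp photo."""
    rng = random.Random(seed)  # deterministic so the example is reproducible offline
    return bytes(rng.randrange(256) for _ in range(width * height))

def frame_to_seed(frame: bytes) -> bytes:
    """Whiten a whole frame into a 32-byte seed; SHA-256 stands in for the hash the page mentions."""
    return hashlib.sha256(frame).digest()

def flip_one_bit(frame: bytes, index: int) -> bytes:
    """Copy of the frame with one pixel changed by a single sensor-noise step."""
    buf = bytearray(frame)
    buf[index] ^= 0x01
    return bytes(buf)

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def expand_stream(seed: bytes, nbytes: int) -> bytes:
    """Stretch one seed into a longer stream by counter-mode hashing (assumption: a simple
    stand-in for the 'stream of unpredictable bytes', not Cloudflare's construction)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]

def mix_into_kernel_pool(seed: bytes, device: str = "/dev/random") -> bool:
    """Feed the seed to the Linux kernel pool. A plain write only mixes the bytes in; crediting
    entropy needs the RNDADDENTROPY ioctl as root. Returns False where the device is unavailable."""
    try:
        with open(device, "wb", buffering=0) as dev:
            dev.write(seed)
        return True
    except OSError:
        return False

if __name__ == "__main__":
    frame = constructed_frame()
    seed_a = frame_to_seed(frame)
    seed_b = frame_to_seed(flip_one_bit(frame, 100))  # one pixel, one noise step
    print("frame bits changed:", differing_bits(frame, flip_one_bit(frame, 100)))
    print("seed bits changed :", differing_bits(seed_a, seed_b), "of", 8 * len(seed_a))
    print("kernel pool write :", mix_into_kernel_pool(seed_a))
```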