Cloudflare uses lava lamps as a random number generator (opens in new tab)

(fastcodesign.com)

43 pointsdethi8y ago11 comments

11 comments

11 comments · 5 top-level

Chaebixi8y ago· 5 in thread

So they created a giant side-channel by putting their entropy-source next to a public window?

I'm guessing they use this alongside CSPRNGs. Would make sense given the theorem that states any random number XORed with even highly-ordered input maintains its entropy.

londons_explore8y ago

There are lots of people in the crypto world who have serious issues with XORing random sources together.

I haven't yet seen a good argument why it's a bad idea, and part of me thinks it might be a way to get more software using "rdrand" or other insecure sources unmodified.

CorvusCrypto8y ago

I think the bad idea stigma stems from people XORing from the same source. That totally is a bad idea, but if two sources are wholly independent, the maximum entropy in the combined systems is maintained.

To the people that just say it's never a good idea and scoff at any reasoning I'd remind them about OTPs. They are a special case related to this principle of XORing two independent sources together where only one input is random and it is proven mathematically to work.

CodeWriter238y ago

Pretty sure an attacker would have to observe the array from the same point of perspective as the camera to mount a successful side channel attack.

serf8y ago

don't forget the room heating. I'm sure a wall of of 25-100w incandescents can get pretty toasty.

very green.

jmcguckin8y ago· 1 in thread

Nothing new here, move along.

This was first done by SGI ages ago...

joe

joezydeco8y ago

Article+Cloudflare acknowledges this (although they credit Sun not SGI)

antonvs8y ago

I'm now looking forward to a future article from security researchers:

"Prediction of a random stream from a lava lamp model constructed from entropic data inferred from encrypted packets"

ScottBurson8y ago

I would use plasma spheres (e.g. [0], but there are lots of them out there). A single plasma sphere generates a visual display that changes much faster and is much less predictable moment-to-moment than a lava lamp -- so you wouldn't need nearly so many of them -- and uses much less power into the bargain.

[0] https://www.scientificsonline.com/product/nebula-plasma-ball

wellboy8y ago

Is this a perfect rng at the current state of technology? If not, why and are there currently perfect ones. What would an rng require to be perfect?

j / k navigate · click thread line to collapse

11 comments

11 comments · 5 top-level

Chaebixi8y ago· 5 in thread

So they created a giant side-channel by putting their entropy-source next to a public window?

CorvusCrypto8y ago

I'm guessing they use this alongside CSPRNGs. Would make sense given the theorem that states any random number XORed with even highly-ordered input maintains its entropy.

londons_explore8y ago

There are lots of people in the crypto world who have serious issues with XORing random sources together.

I haven't yet seen a good argument why it's a bad idea, and part of me thinks it might be a way to get more software using "rdrand" or other insecure sources unmodified.

CorvusCrypto8y ago

CodeWriter238y ago

Pretty sure an attacker would have to observe the array from the same point of perspective as the camera to mount a successful side channel attack.

serf8y ago

don't forget the room heating. I'm sure a wall of of 25-100w incandescents can get pretty toasty.

very green.

jmcguckin8y ago· 1 in thread

Nothing new here, move along.

This was first done by SGI ages ago...

joe

joezydeco8y ago

Article+Cloudflare acknowledges this (although they credit Sun not SGI)

antonvs8y ago

I'm now looking forward to a future article from security researchers:

"Prediction of a random stream from a lava lamp model constructed from entropic data inferred from encrypted packets"

ScottBurson8y ago

[0] https://www.scientificsonline.com/product/nebula-plasma-ball

wellboy8y ago

Is this a perfect rng at the current state of technology? If not, why and are there currently perfect ones. What would an rng require to be perfect?

j / k navigate · click thread line to collapse