Cloudflare uses lava lamps as a random number generator (opens in new tab)

(fastcodesign.com)

43 pointsdethi8y ago11 comments

11 comments

antonvs8y ago

I'm now looking forward to a future article from security researchers:

"Prediction of a random stream from a lava lamp model constructed from entropic data inferred from encrypted packets"

Chaebixi8y ago

So they created a giant side-channel by putting their entropy-source next to a public window?

CorvusCrypto8y ago

I'm guessing they use this alongside CSPRNGs. Would make sense given the theorem that states any random number XORed with even highly-ordered input maintains its entropy.

londons_explore8y ago

There are lots of people in the crypto world who have serious issues with XORing random sources together.

I haven't yet seen a good argument why it's a bad idea, and part of me thinks it might be a way to get more software using "rdrand" or other insecure sources unmodified.

1 more reply

CodeWriter238y ago

Pretty sure an attacker would have to observe the array from the same point of perspective as the camera to mount a successful side channel attack.

serf8y ago

don't forget the room heating. I'm sure a wall of of 25-100w incandescents can get pretty toasty.

very green.

ScottBurson8y ago

I would use plasma spheres (e.g. [0], but there are lots of them out there). A single plasma sphere generates a visual display that changes much faster and is much less predictable moment-to-moment than a lava lamp -- so you wouldn't need nearly so many of them -- and uses much less power into the bargain.

[0] https://www.scientificsonline.com/product/nebula-plasma-ball

wellboy8y ago

Is this a perfect rng at the current state of technology? If not, why and are there currently perfect ones. What would an rng require to be perfect?

jmcguckin8y ago

Nothing new here, move along.

This was first done by SGI ages ago...

joe

joezydeco8y ago

Article+Cloudflare acknowledges this (although they credit Sun not SGI)

j / k navigate · click thread line to collapse