Cloudflare has revealed an interesting way to ensure randomness when generating encryption keys -- lava lamps.
Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services.
Encryption is a hot topic today. While law enforcement often clashes with technology providers over backdoors, arguing that strong encryption gets in the way of cracking criminal cases, online encryption is what keeps communication, payments, and accounts secure.
Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps.
As first reported by Gizmodo, YouTuber Tom Scott was able to visit the San Francisco headquarters of the company in order to gaze at a wall of 100 lava lamps -- more often found in children's bedrooms -- mounted in the office.
Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required.
According to Nick Sullivan, Cloudflare's head of cryptography, this is where the lava lamps shine.
Instead of relying on code alone to generate these numbers for cryptographic purposes, Cloudflare points a camera at the lamps: the shifting light, swirling blobs and movement are recorded, and photographs are taken of the wall.
This footage is then turned into a "stream of random, unpredictable bytes," according to Sullivan.
"This unpredictable data is what we use to help create the keys that encrypt the traffic that flows through Cloudflare's network," the executive added.
The images are then fed to servers in the data center, where Linux kernels use them to seed the random number generators that produce the keys used to encrypt traffic.
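The pipeline the article describes, camera frames hashed into a stream of unpredictable bytes that is then mixed into the Linux kernel pool, looks roughly like the following. This is an added illustration written for this page, not Cloudflare's own code: the "photographs" are constructed pseudo-noise pixel buffers so it runs offline, the conditioning uses SHA-256 chaining and an HMAC counter-mode expansion (an assumption about one reasonable design, not a description of Cloudflare's internals), and `seed_kernel_pool` writes to `/dev/urandom`, which mixes bytes into the pool without crediting entropy (crediting requires the `RNDADDENTROPY` ioctl as root).

```python
import hashlib
import hmac


def constructed_frame(width, height, seed):
    """Constructed sample 'photograph': width*height 8-bit grey pixels derived
    deterministically from `seed`, standing in for a real camera frame."""
    out = bytearray()
    counter = 0
    while len(out) < width * height:
        out += hashlib.sha256(seed.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[: width * height])


def condition_frames(frames):
    """Compress any number of frames into a 32-byte pool state. Each frame is
    hashed and the digests are chained, so every pixel of every frame (including
    sensor noise and ambient-light changes) influences the result."""
    state = b"\x00" * 32
    for frame in frames:
        state = hashlib.sha256(state + hashlib.sha256(frame).digest()).digest()
    return state


def expand(pool, n):
    """Turn the conditioned pool into n output bytes using HMAC in counter mode
    (in the spirit of HKDF-Expand). The output is only as unpredictable as the
    entropy that went into `pool`; hashing cannot create randomness."""
    out = bytearray()
    block = b""
    counter = 1
    while len(out) < n:
        block = hmac.new(pool, block + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:n])


def bits_differing(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def seed_kernel_pool(entropy):
    """Mix bytes into the Linux kernel pool by writing them to /dev/urandom.
    Writing mixes the input in but does not raise the kernel's entropy estimate;
    returns True if the write succeeded, False on non-Linux hosts or permission
    errors so callers can fall back gracefully."""
    try:
        with open("/dev/urandom", "wb") as dev:
            dev.write(entropy)
        return True
    except OSError:
        return False


def demo():
    """Condition eight constructed frames, then flip one pixel in the last frame
    to show that a tiny change in the scene changes the whole output."""
    frames = [constructed_frame(64, 48, i) for i in range(8)]
    pool = condition_frames(frames)
    altered = bytearray(frames[-1])
    altered[0] ^= 0x01  # one pixel, one bit: the kind of 'static' Sullivan describes
    pool_altered = condition_frames(frames[:-1] + [bytes(altered)])
    return pool, pool_altered, expand(pool, 64)


if __name__ == "__main__":
    p1, p2, stream = demo()
    print("pool bits changed by a single pixel flip:", bits_differing(p1, p2), "of 256")
    print("first 16 stream bytes:", stream[:16].hex())
    print("mixed into kernel pool:", seed_kernel_pool(stream))
```

The single-pixel experiment in `demo` is the point of the example: about half of the 256 pool bits change, which is why a camera's sensor noise alone is enough to make two otherwise identical photographs yield unrelated key material. What the hash chain cannot do is manufacture entropy from a static image, so the lamps (or a pendulum, or a radioactive source) still have to supply genuinely unpredictable input.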
"Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data."
This is not the only way that Cloudflare generates randomness. In the firm's London office, there is something called a "chaotic pendulum" which has three components that unpredictably twist and turn together, and in Singapore, the company uses a radioactive source.
Whether anything is truly random is up for debate, but the more unpredictable a cryptographic key, the more difficult it is to brute-force, guess, or crack -- especially when the randomness comes from out-of-the-box sources like lava lamp movements, which are almost impossible to replicate.