tags: Computers
As one might expect, lava lamps are consistently random. The “lava” in a lava lamp never takes the same shape twice, and as a result, observing a group of lava lamps is a great source of random data.
Cloudflare refers to the lava lamp wall as the “Wall of Entropy.”
To collect this data, Cloudflare has arranged about 100 lava lamps on one of the walls in the lobby of the Cloudflare headquarters and mounted a camera pointing at the lamps. The camera takes photos of the lamps at regular intervals and sends the images to Cloudflare servers. Computers store every digital image as a series of numbers, with each pixel having its own numerical value, so each image becomes a string of totally random numbers that the Cloudflare servers can then use as a starting point for creating secure encryption keys.
With the lava lamps, Cloudflare has a continual source for new cryptographic seed data. Each image the camera takes of the lamps is different, resulting in a different random sequence of numerical values that can be used as a seed.
Hypothetical security issues
- An attacker could train a camera on the wall of lava lamps, attempting to reproduce the image captured by our camera.
- An attacker could reduce the entropy from the wall of lava lamps by turning off the power to the lamps, shining a bright light at the camera, placing a lens cap on the camera, or any number of other physical attacks.
- An attacker able to compromise the camera could exfiltrate or modify the feed of frames from the camera, replicating or controlling the entropy source used by the server in the office.
- An attacker with code running on the office server could observe or modify the output of the entropy feed generated by that server.
- An attacker with code running in the production service could observe or modify the output of the entropy feed generated by that service.
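The sketch below is an added example, not Cloudflare's code. It shows one defensive way to turn a frame into a seed: reject frames that a lens cap, a bright light or a stalled feed would produce, and key the frame hash with local randomness so that a copied or controlled frame alone does not determine the seed. The grayscale byte-per-pixel frame format, the thresholds and all function names are assumptions.

```python
import hashlib
import hmac
import os
import random
import statistics
from typing import Optional

MIN_STDEV = 8.0    # assumed threshold: less pixel spread looks like a covered or blinded lens
MIN_PIXELS = 1024  # assumed minimum frame size


def frame_is_healthy(pixels: bytes, previous: Optional[bytes]) -> bool:
    """Reject frames a lens cap, a bright light or a stalled feed would produce."""
    if len(pixels) < MIN_PIXELS:
        return False
    if previous is not None and pixels == previous:
        return False  # identical consecutive frames: frozen or replayed feed
    return statistics.pstdev(pixels) >= MIN_STDEV


def derive_seed(pixels: bytes, local_random: bytes) -> bytes:
    """Condense a frame to 32 bytes, keyed with entropy the camera never sees."""
    frame_digest = hashlib.sha256(pixels).digest()
    # Keyed mix: seeing or controlling the frame alone does not fix the seed.
    return hmac.new(local_random, frame_digest, hashlib.sha256).digest()


def next_seed(pixels: bytes, previous: Optional[bytes]) -> Optional[bytes]:
    """Return a seed, or None so the caller relies on OS entropy alone."""
    if not frame_is_healthy(pixels, previous):
        return None
    return derive_seed(pixels, os.urandom(32))


# Constructed sample frames (4096 grayscale pixels each), not real camera data.
_rng = random.Random(1)
NOISY = bytes(_rng.randrange(256) for _ in range(4096))
DARK = bytes([2]) * 4096         # lens cap or lamps powered off
SATURATED = bytes([255]) * 4096  # bright light aimed at the camera

if __name__ == "__main__":
    for name, frame in (("noisy", NOISY), ("dark", DARK), ("saturated", SATURATED)):
        seed = next_seed(frame, previous=None)
        print(name, seed.hex() if seed else "rejected")
```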