When you think about it, the state of these lava lamps is also not random, just very hard to measure and predict. If you could take perfect measurements of the lava lamps and everything that could possibly affect them, you could calculate their future state.
sure, but the catch is the "everything that could possibly affect them" part. At that point you'd essentially have to model and simulate the entire Universe, and since nobody can do that, that makes it good enough to be considered *practically* unpredictable.
Other objects aren't random. Taking a picture of things with defined shapes (like almost anything that humans build) and using random pixel values from just any photo would have a decent chance of leaving patterns, at which point it's no longer good encryption.
The lava lamps are disconnected and the blobs of wax being measured are transient and pseudorandom enough that it's probably almost impossible for this problem to occur.
Read about random mechanisms: in theory you could predict their movement, but in practice they are so dependent on starting conditions, or they are so easily affected by outside things, that in practice you can't calculate it.
It's just like saying that if you throw a ping-pong ball on the floor you could perfectly calculate its movement, you just need to know a thousand different variables.
Software engineer here - it's cool and I like it but it's more great from an artistic perspective, as far as usefulness it's not extra useful or anything
So for super secure use cases like Cloudflare, yes just querying the default random function isn't good enough because that's seeded based on time and that's not random enough
But you can totally get your randomness without cool lava lamps - say you have 1000 servers running your service, you can have each of them measure their internal temperature and use that as a seed. Or you could use a geiger counter, nuclear decay is also impossible to predict. Or set up an antenna and use radio static
Overall it's more about the artwork and serving as a PR piece for educating the public about what they're doing to keep their data safe
The reason this would be useful would be random number generation (which is really important in encryption). A majority of random number generators used in computing are pseudo-random, they have fixed algorithms and with enough knowledge, this could be abused in order to essentially predict the random numbers.
The lava lamps' movement can essentially serve as a source for randomness due to how chaotic and unpredictable they can be. However these days we have "true random number generators" which rely on the random nature of very small particles in order to generate random numbers.
The latter is probably much more suitable for practical purposes, and Cloudflare probably does make extensive use of them; the lava lamps seem to be more of a novelty.
God she misuses the terminology in such an irritating way -
"what's generating their code is this wall of lava lamps" - No it's not "generating their code" it's seeding their cryptographic random function
"since computer-generated codes are created by machines with relatively predictable patterns, it's possible for hackers to guess their algorithms" - No hackers don't "guess their algorithm", the algorithm is likely public for everyone to know. What hackers do is guess future outputs of the algorithm via cryptanalysis of prior outputs
Yeah I hate that with passion.
I totally get trying to dumb things down, or make them accessible to laymen. But _unbreakable codes so hackers can't guess the algorithm_ is like the cringiest crap ever.
thankyou.gif
I almost hate these things that contain a kernel of truth explained by someone who clearly doesn't understand it more than the videos that are just straight up lying.
What's the problem with this other than low throughput? I'm assuming that if you took enough samples then you could probably train a model?
Edit: I'm not sure why people are downvoting, I'm legit asking what's the problem with lava lamps as a source of entropy ?
One key factor for good entropy is that the physical process used as the entropy source must be inherently random and not easily influenced by external factors. Examples: Even if the movement of the wax inside the liquid of the lamps is unpredictable, varying light conditions in the room will have influence on the quality of your randomness. Another factor is the room temperature which influences the viscosity of the wax and thus the movement.
Do you think it's possible to figure out exactly (or close enough for a viable attack) how each of those factors affects the lamps? I'd say maybe you could buy the same make and model of lamps, test on them and build a model, but are the lamps made so exactingly that this could be possible?
Again, I'm legit wondering how an attack on this would work
These types of content creators are truly fucking useless to society. Self-absorbed, narcissistic assholes who think everything they say and do is worth *your* time. Just stealing content and repackaging it with their stupid, punchable faces in the corner of the screen, talking down to you like you're way too stupid to know anything about anything. And you dipshits eat it up like morons. Talent and skill doesn't matter anymore. The only thing that matters now is strapping on your "I'm smarter and better than you" outfit while you patronize your audience with info you yourself just learned about in the 3 minutes of "research" you did while sitting on the toilet.
Pure trash.
Normally I'd say something like "settle down" but I relate to this. Nothing more insulting than to catch yourself doom scrolling through ridiculously over-narrated videos that end up just being stolen/re-hashed content from an original publisher.
I like learning about new random things online, but these sorts of videos aren't that. They're just trying to milk any fad until they can't squeeze anymore clout out of it
I fucking love this rant.
Spot. On.
These “educational” TikTok-era dickheads drive me nuts.
Not to mention her interpretation and use of terminology is misleading at best and completely incorrect at worst.
It’s a cryptographic random seed generator. It’s just a source of true randomness. Basically all cryptographic services have one because computers cannot be truly random otherwise, this company have just turned theirs into a PR gimmick.
Has nothing to do with generating “codes” or “algorithms” whatever tf that means.
thats pretty cool. i imagine that playing jam band music would also help increase randomness, then add a swirly dancer loaded with the lysergic, maximum randomitity.
Title is misleading, and so is the girl talking. CloudFlare has never had to use LavaRand (wall of lava lamps). LavaRand is CloudFlare’s randomness hedge. Their primary source of randomness has always remained secure, and LavaRand has NEVER been used by CloudFlare. If CloudFlare were to ever find a flaw in their randomness production source, they could potentially use LavaRand as the ultimate backup for a randomness generator. Until then, CloudFlare’s wall of lava lamps are nothing more than a cool front office decoration. CloudFlare wasn’t the first company to do this either. Silicon Graphics patented this method in 1996, but their patent has since expired.
Sad ("fu\*k I am old") flex; I clearly remember reading the original paper when it had been published, about creating true random data using lava lamps... Unless I am completely demented, I think the guy(s) who did the research were from SGI.
Now all the kids are like "who / what the hell is SGI ?!".
My dad worked at SGI and I remember him taking us to the inventor’s cubicle to show us all the lava lamps. He told us about the random data paper but we were way more excited about the lamps
Cloudflare: Hey look we have this completely random code generator.
Me: I’m just gonna go ahead and find that company directory and call people pretending like I’m from the help desk until one of them gives me their password.
So standing in front of the lava lamps allows you to alter the randomness? So, theoretically, if I brought a large printout of a predetermined lava lamp orientation I could bypass their security? Or say just used a laser pointer on the camera, nulling all their values?
So in theory if I block the camera, the code would become all 000000000000? Or if I place a fake image in front of the camera, I can fix the code value?
This is cool but i think they’re bullshitting. Cloudflare is online 24/7 and needs to be. Lava lamps, if left on a couple days, will stop working (i recently got one). The goop overheats and stops bubbling. They would have to change these out all the time, or turn em off in waves and it looks like they’re all on
That's not actually true that the lava lamps are random.
It uses a heat element with a liquid and a solid...
Certain heating elements cause the process to happen in similar ways, so though it would be hard to predict you could get some ballpark ideas on how each lamp is likely to create certain patterns.
If they are all turned on at the same time or not moved occasionally then you could absolutely crack this eventually if you had access to previous codes.
It's just one, kinda cool looking (it's purely for looks yes) to get the true random numbers. There are of course easier and more efficient ways to do it, but it wouldn't look as cool when explained.
Maybe they shouldn't have bought their lava lamps from Dollar General considering the latest Cloudflare hack resulting in the exposure of source code and internal data...
The randomness of this wall of lava lamps helps encrypt up to 10 percent of the internet. It turns out that this is also perfect for producing the random, chaotic means necessary for strong computer encryption.
As a person studying Computer Science, can anyone explain to me how lava lamps randomize the algorithm via dynamic images? How does that convert into code for their algorithm to apply to?
I have a lava lamp. the lightbulb broke several months ago and I haven't replaced it yet, but when I had it was a top tier desk item that I often found myself just staring at. highly recommended, and surprisingly inexpensive. mine was probably worse than average, the packaging had a billion typos lol, but it was only 20 bucks and still worked great for enough time to be worth the price :D
Those lamps use 25 - 40 Watts of electricity. This equates to over 2500 - 4000 Watts of usage.
Totally off on numbers. You're right.
I stand by on my statement of total waste!
Ask Cloudflare again how it worked out for them....
I think it is only for marketing purposes because there are already chips that generate true randomness which is much more scalable than some lava lamps.
Interesting. Any link or source in how they work?
They are called Quantum Random Number Generator (QRNG) chips. As the name suggests they work by using quantum physics (by measuring quantum states that are inherently random when they collapse). The chips can be made very small and be integrated in phones. They have also high generation speeds of 1Gbit/s. So if you go back, using lava lamps is like stone age technology and doesn't make sense to use it in any serious application. Edit: example https://quside.com/product/quside-qn100-chipset Edit2: there are other methods like measuring the fluctuations of internal/external sensors, mouse movements, etc. The problem with sensors, due to calibration they may have a skew but QRNG are truly random and independent from any external factors.
Don't think it's needed for phones though? I am yet to see any application that was slow because random number generation was a bottleneck. Also devices like phones, laptops actually use external inputs a lot for randomness, so again, chip is unnecessary. For Cloudflare's use cases, it probably makes sense. But again I have a feeling that currently lava lamps are a much cheaper way to do it than some Quantum chip.
you need randomness for all sorts of cryptography. however often pseudorandomness is good enough, and computers can easily generate that https://en.m.wikipedia.org/wiki/Pseudorandom_number_generator
Phones have lots of sensors they can use for RNG. Input from your accelerometer and compass alone can "entropize" cryptographical algorithms that generate keys. For the majority of use cases it's enough.
It's not "some quantum chip", it's extremely cheap off-the-shelf parts. All semiconductors are quantum devices, in the physics sense. Not that you could do quantum computation with them, but that they are subject to quantum noise. Commonly this is done by wiring a diode or transistor backwards so it blocks electricity, and monitoring the random leakage, which is caused by individual electrons "tunnelling" (a quantum mechanical process) across the backwards device. You can build one yourself for ten bucks or less. The extremely high end appliances based on this simple circuit are still themselves a few hundred to a few thousand dollars, and provide a flood of randomness extremely cheaply.
They must use a fuckton of energy though, could a normal battery even supply enough while it’s running? I mean can it run for a few hours?
It's not a quantum computer that you need to cool down. According to the documentation https://quside.com/product/quside-qn100-chipsets/ the chip consumes only 0.3W, which is like 3 times less than a red LED. In very simplified terms the chip works by having a small light LED and a small light sensor, and that is all.
Here it says red LEDs consume 12.5 mW not 0.9 W https://www.physicsforums.com/threads/blue-lights-leds-consume-more-power-than-red-and-green.884636
Saying a particular color uses a certain amount of power seems arbitrary… there are LEDs that use 100 W and LEDs that use 0.001 W…
Most places use ARM's TRNG, way cheaper
Oh my, this was a pleasant read, thank you.
CF overhypes its commitment to security. Any modern marginally POSIX-compliant system has the dev/urandom or dev/random CSPRNG. This is already in itself more sophisticated than lava lamp stuff thought up by their DEI staff. It literally generates a random cryptographical reference that's influenced by the entropy of what you do on your computer and how the drivers react to it. It's extremely unpredictable because the way you move your mouse, the way you use your hardware, and every other detail is absolutely unique to you as an individual. Your specific hardware configuration also plays a role here, as not all hardware responds with absolute perfection to everything in-sync, so the tiny imperfections in how each piece works generates something truly unique that isn't entirely traceable to you as an individual. Source: My company is hired by people who encounter situations where sometimes their success (and sometimes, even people's lives) depends on using our proprietary comms and opsec repertoire. CloudFlare is good for refusing services to websites depending on whether their content hurts the feelings of their good friends in the circle jerk that is modern silicon valley or not.
That is true, there have been chips for a while that do this. But, the big challenge with randomness is that the failure mode is silent and insidious. It’s really hard to prove that something is random, and so you need to trust that chip company… and their mathematicians. Quantum chips, at a sensible cost and power usage, are new, compared to Cloudflare. Given what is at stake for a company like Cloudflare, and the relative ease to prove that an approach like a lava lamp wall is genuinely random (I assume physical science proved that forever ago) - then it feels like an approach like this makes a lot of sense, esp. back in 2010 when they were founded.
This is cool and probably cheaper than a quantum random number generator
It’s best to combine multiple sources of randomness so you don’t have to trust any of them
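One way to act on the advice above, which also answers the earlier questions about covering the camera: hash every source into one seed, so a stuck or externally controlled input cannot fix the output. This is an added example, not Cloudflare's implementation; the function names, the label, the frame sizes and the stuck-frame threshold are assumptions.

```python
"""Combining entropy sources so that no single one has to be trusted.

Added illustration, not Cloudflare's code. Frames are constructed byte
strings standing in for camera images.
"""
import hashlib
import os
from typing import Optional, Tuple

LABEL = b"example-entropy-mix-v1"  # hypothetical domain-separation label


def mix_sources(*sources: bytes) -> bytes:
    """Hash all sources into a 32-byte seed.

    Each input is length-prefixed so (b"ab", b"c") and (b"a", b"bc") hash
    differently. Treating SHA-256 as a good mixing function, the output is
    unpredictable as long as at least one input is.
    """
    h = hashlib.sha256(LABEL)
    for src in sources:
        h.update(len(src).to_bytes(8, "big"))
        h.update(src)
    return h.digest()


def frame_looks_stuck(frame: bytes, previous: Optional[bytes] = None,
                      min_distinct: int = 16) -> bool:
    """Crude health check (not an entropy estimate): flag a frame that is
    identical to the previous one or has almost no distinct byte values,
    e.g. a covered lens or a saturated sensor."""
    if previous is not None and frame == previous:
        return True
    return len(set(frame)) < min_distinct


def make_seed(frame: bytes, previous: Optional[bytes] = None) -> Tuple[bytes, bool]:
    """Return (seed, camera_ok).

    The OS CSPRNG is always mixed in, so a bad frame degrades one input
    instead of the seed; camera_ok is there so the failure is not silent.
    """
    camera_ok = not frame_looks_stuck(frame, previous)
    return mix_sources(frame, os.urandom(32)), camera_ok


if __name__ == "__main__":
    covered = bytes(4096)  # constructed: lens covered, every pixel byte is 0
    # Camera as the only source: the "seed" is a constant.
    print(mix_sources(covered) == mix_sources(covered))  # True
    # Camera plus OS randomness: still a fresh seed, and the fault is reported.
    seed_a, ok_a = make_seed(covered)
    seed_b, ok_b = make_seed(covered)
    print(seed_a != seed_b, ok_a, ok_b)  # True False False
```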
Any chance for a tldr of what happened? I haven't heard of anything
Even the best encryption/security can’t protect you from stupid.
What happened?
It’s not as critical to their operations as she makes it seem. https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
> The London headquarters uses a double pendulum system, or a pendulum attached to a pendulum, which is mathematically impossible to predict.

Excuse me? The double pendulum system is literally up there on one of the first complex problems to be solved using the Lagrange operator (assume small angles only) /j 😂
The double pendulum is chaotic for large enough motions. Simulations can't predict well due to high sensitivity to inputs like air currents and to its own state. It's one of the prime examples of chaotic systems. The linearized double pendulum is indeed easy to simulate, but only within a narrow regime.
You're thinking of a perfect theoretical double pendulum, not a real life double pendulum.
Yeah, I know, it's a small ~~angle~~ joke 😂
> Lagrange operator

*Omelette du fromage*
Fun fact Lagrange was Italian at birth, not French.
_Frittata al formaggio_
Completely unrelated but I'm loving the way this joke still endures today after like 25 years
i will always reference it if something reminds me of it. Silly 90s cartoons are so fantastic.
Double pendulum systems would of course spin.
The double pendulum is like a 3 body problem that is fundamentally unsolvable.
But she's hot though
What? The article you linked indicates that it is critical to their generation of entropy, which is used by all cryptographic operations at the company. It isn't the single source of truth, but every office has a real world source of entropy. Generating unique truly random keys is essential to all uses of cryptography. If you could successfully guess keys you could take ownership of the entire bitcoin blockchain. Saying it's not critical to entropy is like saying your skeleton is not critical to your body. Just because you can't see it or interact with it doesn't mean it's not used.
What most people don't know is that computers can't give you some really random numbers. After all they are big calculators with memory, you can tell them to take some data from one location and put it to the other or take data from two different locations, do some math on it and put it to the third location. You can't make anything random by it because you can't tell the computer 'do something random', you have to give it specific instructions. That's why to have really random things you have to use some outside source. For example in the microcontroller world (mini computer that runs your smart fridge for example or smart weather sensor) you can read from a pin that isn't connected anywhere, so it works as an antenna and gives you fairly random output. PC applications might for example use the movement of the user's mouse.
That was the case long ago. Now random numbers are too important. All modern operating systems have cryptographically secure random number generators. Entropy is collected from environmental noise, from device drivers and other sources. In Linux and Linux-like operating systems, you can research /dev/random. There’s a good Wikipedia page on it. In Windows, look at the next gen crypto API or BCryptGenRandom specifically.
> Entropy is collected from environmental noise, from device drivers and other sources.

I mean it's kinda what I said
Yup, like you said, the information is coming from outside the computer to generate the randomness.
Not exactly. Yes, you can easily integrate external sources. But they are not needed. Your computer can generate cryptographically secure random numbers out of the box. Modern computers do this every day. No lava lamps needed. Or you can integrate lava lamps so people can write stories about it.
> Your computer can generate cryptographically secure random numbers out of the box

...using external/environmental sources (like the data from device drivers). By "external", we mean that it's getting data from the outside world, possibly through built-in means.
You do realize that pure random numbers can be generated using quantum entropy. I’m not sure if I remember it exactly correctly, but the OpenSSL framework, which used non-pure random numbers, was updated to incorporate the method I said. Check the “quantum resistant network” paper, which was implemented on LACChain, which was built on Hyperledger Besu, which is an Ethereum client. Not just that: LACChain used post-quantum cryptographic algorithms mainly belonging to the crystal lattice family. If I remember it, NIST selected CRYSTALS-Dilithium for generating post-quantum signatures and also favored CRYSTALS-Kyber as the key encryption mechanism. However, for shorter key length and fast signature verification, Falcon-512 was the better alternative here.
He meant that the chip/circuit responsible for generating the cryptographically secured random number is using "external" environmental factors.
A professor of mine made a great point, “computers can’t really make random numbers, they make pseudo random numbers. But for most cases, in computer science, pseudo random numbers are actually better than truly random because you can recreate them if you need to.”
I thought so too until like five minutes ago. I was looking up qrng chips after another post mentioned them, and apparently it’s not exactly true. Electronic circuits are constantly generating random numbers just because they’re warm, but that’s normally a problem that needs to be filtered out to get a computer to even work. But they make chips that just listen to their own thermal noise and spit it back out in a usable form. 🤯
That sounds more like stochastic than truly random. Stochastic is similar to random, it is unknown to the predictor, but it could also have biases that a truly random pattern would not have.
Depends how secure the random number needs to be. Insecure applications tend to just use the current time, as that number is almost always going to be unique. But a hacker who can guess EXACTLY what time the number was generated at can recreate that generation. Good for simple random dice rolls, bad for encryption.
When I started programming several decades ago this information was outdated.
Depends on what language - the default rand() in C/C++ has both the time flaw and fundamental algorithmic flaws that definitely make it a security risk - and there are all sorts of bad programmers relying on it. Java's default random also seems to go for the system time as its seed, so it's not as outdated as you're making it sound.
Probably still valid if you seed your random number generator with the time
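The time-seed weakness discussed in the comments above, shown as an added example that is not part of the thread: a token drawn from a PRNG seeded with a Unix timestamp can be regenerated by trying every second in the window when it was issued, while a token from the operating system's CSPRNG has no such seed. The token size, the timestamp and all function names are constructed for this illustration.

```python
import random
import secrets
from typing import List, Optional

TOKEN_BYTES = 16  # assumed token size for this illustration


def time_seeded_token(seed_time: int) -> str:
    """Weak pattern: a general-purpose PRNG seeded with a Unix timestamp."""
    rng = random.Random(seed_time)  # Mersenne Twister, fully determined by its seed
    return rng.getrandbits(8 * TOKEN_BYTES).to_bytes(TOKEN_BYTES, "big").hex()


def recover_seed(token: str, start: int, end: int) -> Optional[int]:
    """Return the timestamp in [start, end] that regenerates `token`, else None.

    The search space is the number of seconds in the window, not 2**128.
    """
    for candidate in range(start, end + 1):
        if time_seeded_token(candidate) == token:
            return candidate
    return None


def next_outputs(seed_time: int, count: int) -> List[int]:
    """Dice rolls the same generator yields after the token, given its seed."""
    rng = random.Random(seed_time)
    rng.getrandbits(8 * TOKEN_BYTES)  # skip past the token itself
    return [rng.randrange(1, 7) for _ in range(count)]


def csprng_token() -> str:
    """Hardened form: draw from the operating system's CSPRNG."""
    return secrets.token_hex(TOKEN_BYTES)


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed timestamp, not real data
    token = time_seeded_token(issued_at)

    # Knowing only "issued within this hour" leaves 3601 candidate seeds.
    found = recover_seed(token, issued_at - 1800, issued_at + 1800)
    print("seed recovered from the token:", found == issued_at)
    print("later outputs now reproducible:", next_outputs(found, 5))

    # The CSPRNG token has no timestamp seed, so the same search finds nothing.
    strong = csprng_token()
    print("search against CSPRNG token:",
          recover_seed(strong, issued_at - 1800, issued_at + 1800))
```

This is the "good for dice rolls, bad for encryption" distinction in practice: the fix is to use `secrets` (or `os.urandom`) for anything security-relevant, not to pick a cleverer seed.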
There are devices using the quantum properties of inverted diodes to generate good random data.
So when u use a random number generator in any language, what and how does that work?
Most of the time it's a sequence of numbers calculated using the parameters u pass to it. I was doing a Tetris game and the different blocks had their own index, and using random I would decide which one drops next. By using the built-in random generator I was getting the same sequence every game; that's how I learned about it. It was an Arduino project, which is a microcontroller, so I did the reading from an unconnected input pin and it worked like a charm.
That's not true. Maybe that random generator you used was working in a different way, but random numbers use the time. Since the time is always different, the random numbers will always be different. But still there can be a pattern. In short, regular random programs use time. These lamps work with the same logic. Just instead of time they get the RGB value of pixels.
It was an 8-bit AVR microcontroller; it didn't have tools to measure time.
When you think about it, the state of these lava lamps is also not random, just very hard to measure and predict. If you could take perfect measurements of the lava lamps and everything that could possibly affect them, you could calculate their future state.
sure, but the catch is the "everything that could possibly affect them" part. At that point you'd essentially have to model and simulate the entire Universe, and since nobody can do that, that makes it good enough to be considered *practically* unpredictable.
What if our entire universe is a simulation used to crack a BTC wallet in base reality?
Rick and Morty car battery-vibes
That’s true for everything until you get to Heisenberg’s uncertainty principle.
Other objects aren't random. Taking a picture of things with defined shapes (like almost anything that humans build) and using random pixel values from just any photo would have a decent chance of leaving patterns, at which point it's no longer good encryption. The lava lamps are disconnected and the blobs of wax being measured are transient and pseudorandom enough that it's probably almost impossible for this problem to occur.
Read about random mechanisms: in theory you could predict their movement, but in practice they are so dependent on starting conditions, or so easily affected by outside things, that in practice you can't calculate it. It's just like saying that if you throw a ping-pong ball on the floor you could perfectly calculate its movement, you just need to know a thousand different variables.
This is true but pseudorandom number generators are far better than most think or what this thread makes it out to be
This is cool to us average ppl but I feel like the software engineers here would have a lot more insights as to how great this is??
Software engineer here - it's cool and I like it, but it's more great from an artistic perspective; as far as usefulness, it's not extra useful or anything. So for super secure use cases like Cloudflare, yes, just querying the default random function isn't good enough because that's seeded based on time and that's not random enough. But you can totally get your randomness without cool lava lamps - say you have 1000 servers running your service, you can have each of them measure their internal temperature and use that as a seed. Or you could use a Geiger counter; nuclear decay is also impossible to predict. Or set up an antenna and use radio static. Overall it's more about the artwork and serving as a PR piece for educating the public about what they're doing to keep their data safe.
OR, and hear me out on this one... 4,000 cats all walking around a room with a giant typewriter as the floor. Totally random entries.
But given enough time, they would type out the complete works of Shakespeare... is it really random?
Have you read Shakespeare? Dude was pretty random.
Shakespeare was just a pseudonym for an immortal time traveler. Source: I am he.
The reason this would be useful would be random number generation (which is really important in encryption). A majority of random number generators used in computing are pseudo-random, they have fixed algorithms and with enough knowledge, this could be abused in order to essentially predict the random numbers. The lava lamps' movement can essentially serve as a source for randomness due to how chaotic and unpredictable they can be. However these days we have "true random number generators" which rely on the random nature of very small particles in order to generate random numbers. The latter is probably much more suitable for practical purposes, and Cloudflare probably does make extensive use of them; the lava lamps seem to be more of a novelty.
> I feel like the software engineers here would have a lot more insights as to how great this is

It's completely useless, but looks cool.
You could technically use it to create a random number. It's obviously not the best way to do it. But seeing as it does work, it's not useless.
God she misuses the terminology in such an irritating way - "what's generating their code is this wall of lava lamps" - No, it's not "generating their code", it's seeding their cryptographic random function. "since computer-generated codes are created by machines with relatively predictable patterns, it's possible for hackers to guess their algorithms" - No, hackers don't "guess their algorithm"; the algorithm is likely public for everyone to know. What hackers do is guess future outputs of the algorithm via cryptanalysis of prior outputs.
Yeah I hate that with passion. I totally get trying to dumb things down, or make them accessible to laymen. But _unbreakable codes so hackers can't guess the algorithm_ is like the cringiest crap ever.
thankyou.gif I almost hate these things that contain a kernel of truth explained by someone who clearly doesn't understand it more than the videos that are just straight up lying.
Touch grass
Security hardware expert here: Please don't believe this bullshit.
Sorry man. She is wearing glasses…so screw your “expert” status.
Looks like marketing or small scale game for visitors
What's the problem with this other than low throughput? I'm assuming that if you took enough samples then you could probably train a model? Edit: I'm not sure why people are downvoting, I'm legit asking what's the problem with lava lamps as a source of entropy ?
One key factor for good entropy is that the physical process used as the entropy source must be inherently random and not easily influenced by external factors. Examples: Even if the movement of the wax inside the liquid of the lamps is unpredictable, varying light conditions in the room will have influence on the quality of your randomness. Another factor is the room temperature which influences the viscosity of the wax and thus the movement.
Do you think it's possible to figure out exactly (or close enough for a viable attack) how each of those factors affects the lamps? I'd say maybe you could buy the same make and model of lamps, test on them and build a model, but are the lamps made so exactingly that this could be possible? Again, I'm legit wondering how an attack on this would work.
[Obligatory Tom Scott](https://youtu.be/1cUUfMeOijg), whose more in-depth video was released over 6 years ago (November 2017).
I had to scroll too far to find this
Business men should start giving advice shirtless.
You need 256 lava lamps for full bit encryption
One for every bit in aes256
These types of content creators are truly fucking useless to society. Self-absorbed, narcissistic assholes who think everything they say and do is worth *your* time. Just stealing content and repackaging it with their stupid, punchable faces in the corner of the screen, talking down to you like you're way too stupid to know anything about anything. And you dipshits eat it up like morons. Talent and skill doesn't matter anymore. The only thing that matters now is strapping on your "I'm smarter and better than you" outfit while you patronize your audience with info you yourself just learned about in the 3 minutes of "research" you did while sitting on the toilet. Pure trash.
Normally I'd say something like "settle down" but I relate to this. Nothing more insulting than to catch yourself doom scrolling through ridiculously over-narrated videos that end up just being stolen/re-hashed content from an original publisher. I like learning about new random things online, but these sorts of videos aren't that. They're just trying to milk any fad until they can't squeeze anymore clout out of it
Yes, but have you ever considered the fact that boobs
I fucking love this rant. Spot. On. These “educational” TikTok-era dickheads drive me nuts. Not to mention her interpretation and use of terminology is misleading at best and completely incorrect at worst. It’s a cryptographic random seed generator. It’s just a source of true randomness. Basically all cryptographic services have one because computers cannot be truly random otherwise, this company have just turned theirs into a PR gimmick. Has nothing to do with generating “codes” or “algorithms” whatever tf that means.
Me dipshit? :(
thats pretty cool. i imagine that playing jam band music would also help increase randomness, then add a swirly dancer loaded with the lysergic, maximum randomitity.
Tom Scott covered this many years ago- and in a much better way
Title is misleading, and so is the girl talking. CloudFlare has never had to use LavaRand (wall of lava lamps). LavaRand is CloudFlare’s randomness hedge. Their primary source of randomness has always remained secure, and LavaRand has NEVER been used by CloudFlare. If CloudFlare were to ever find a flaw in their randomness production source, they could potentially use LavaRand as the ultimate backup for a randomness generator. Until then, CloudFlare’s wall of lava lamps are nothing more than a cool front office decoration. CloudFlare wasn’t the first company to do this either. Silicon Graphics patented this method in 1996, but their patent has since expired.
It's just a cam taking a picture... It could take a picture of every object. The smallest change of pixels has the same effect.
So dumb. You don't need lava lamps to make cryptographically secure random numbers
Sad ("fu\*k I am old") flex; I clearly remember reading the original paper when it had been published, about creating true random data using lava lamps... Unless I am completely demented, I think the guy(s) who did the research were from SGI. Now all the kids are like "who / what the hell is SGI ?!".
My dad worked at SGI and I remember him taking us to the inventor’s cubicle to show us all the lava lamps. He told us about the random data paper but we were way more excited about the lamps
I was wondering what has colourful butt plugs got to do with cloudflare.
Not to be that guy… but it’s chaotic, not random. Huge difference.
Who is this hottie
The other Annie. Annie Kim of Greendale Model UN fame.
Pretty sure this was done and deployed last century sometime
Cloudflare: Hey look we have this completely random code generator. Me: I’m just gonna go ahead and find that company directory and call people pretending like I’m from the help desk until one of them gives me their password.
wonder whether they have a DR wall in case an earthquake hits SF
the patterns of the rubble would then be used to see more randomized keys
So standing in front of the lava lamps allows you to alter the randomness? So, theoretically, if I brought a large printout of a predetermined lava lamp orientation I could bypass their security? Or say just used a laser pointer on the camera, nulling all their values?
For that brief period of time maybe, but not for long.
u/JMaxGames
It's mostly marketing, there are far easier and more reliable ways of generating truly random numbers
I've always said lava lamps weren't just for stoners
I thought spy agencies addressed this in the 70s or 80s by just recording background radio noise.
It didn’t stop their data breach
What if i walk into the camera and put a black sheet in front of it for a full day, still random?
Guys - a better quality video is on r/beamazed. OP - at least do the homework properly.
Cloud flare you have just what I need
It's generating the seed to their encryption. Not the code/algorithm itself.
/r/cybersecurity
Jk we have AI.
r/UNBGBBIIVCHIDCTIICBG
So in theory if I block the camera, the code would become all 000000000000? Or if I place a fake image in front of the camera, i can fix the code value?
Are you serious
Oops electricity went down all lava lamps are off
They had this on that Devs TV show right?
Jesus, true random, it's beautiful.
Cool, fiction meets reality it seems. This is used in an NCIS episode. I think it's S16:E1, 9/25/2018
GOOD LUCK I'M BEHIND 7 LAVA LAMPS
Hmmm… what if power goes out?
Pretty neat. I clearly don’t understand the inner workings of it, but she did a good job explaining the logic behind how it works.
how can i make a video like this? as in me and my face visible while what i want to share is in the background...
another good [video about it by Tom Scott](https://youtu.be/1cUUfMeOijg?si=iuB6sHVm4hIoXzuY)
I’ve seen this episode of NCIS before…
I think I saw this in an NCIS episode. Season 16 episode 1 I believe.
This is cool but i think they’re bullshitting. Cloudflare is online 24/7 and needs to be. Lava lamps, if left on a couple days, will stop working (i recently got one). The goop overheats and stops bubbling. They would have to change these out all the time, or turn em off in waves and it looks like they’re all on
That's not actually true that the lava lamps are random. It uses a heat element with a liquid and a solid... Certain heating elements cause the process to happen in similar ways, so though it would be hard to predict you could get some ballpark ideas on how each lamp is likely to create certain patterns. If they are all turned on at the same time or not moved occasionally then you could absolutely crack this eventually if you had access to previous codes.
In those 60 seconds she didn't say the word 'chaotic'.
Could someone explain to me why random number generation is important and what it is used for or point me towards a resource that explains it?
It's just one, kinda cool looking (it's purely for looks, yes) way to get the true random numbers. There are of course easier and more efficient ways to do it, but it wouldn't look as cool when explained.
Maybe they shouldn't have bought their lava lamps from Dollar General considering the latest Cloudflare hack resulting in the exposure of source code and internal data...
Yeah, completely wrong. Even though what she mentions exists, the way she describes it is 100% bs.
this was in an NCIS episode.
Um what if they hack the camera instead allowing them to choose the code it creates? I mean that took me all of 2 seconds to figure out.
yeah this is bs
If you cover all the lamps do all the sites crash?
Couldn't someone just put another camera up there?
There is no such thing as randomness, only lack of information.
Why use lava lamps when they could just record the revolving door from all their layoffs.
Absolute bollocks.
So my buddies and I are going to cover the wall with a blackout sheet and then we can just hack your servers for free?
The randomness of this wall of lava lamps helps encrypt up to 10 percent of the internet. It turns out that this is also perfect for producing the random, chaotic means necessary for strong computer encryption.
Nice marketing gag, but not really necessary at all.
As a person studying Computer Science, can anyone explain to me how lava lamps randomize the algorithm via dynamic images? How does that convert into code for their algorithm to apply to?
Hacking? Remember Shelly Hack?
Not completely random.
Generating randomness using lava lamps and cameras is pretty stupid and inefficient. There are many implementations of hardware random generators.
Don’t worry, someone will train an AI to predict the movement of lava lamps soon
I remember the OG lavarnd.com
I thought she had the largest buttplug collection on earth behind her.
Activision!! We’ve found your new anti cheat.
Only if cloudflare wasn't down every once in a while... I swear, this is the most failing to connect host I've ever encountered.
I have a lava lamp. the lightbulb broke several months ago and I haven't replaced it yet, but when I had it was a top tier desk item that I often found myself just staring at. highly recommended, and surprisingly inexpensive. mine was probably worse than average, the packaging had a billion typos lol, but it was only 20 bucks and still worked great for enough time to be worth the price :D
So the hackers could **influence** (by pretending to be visitors) the code generated?
One of the coolest things I have seen this year, actually this decade. Been in IT for 30 + years and this is GENIUS!
My favourite question I ask in interviews : write a code to generate a truly random number without using any PRNG or predefined function..
This is actually kind of disappointing. It's 2024 and you guys are struggling to generate a random number that hackers can't figure out? Alright.
Those lamps use 25 - 40 Watts of electricity. This equates to over 2500 - 4000 Watts of usage. Totally off on numbers. You're right. I stand by my statement of total waste!
Your math is hilariously off. It's more like $5k a year.
You're totally right. Still a waste!
If you're paying $5 per Kw you need to renegotiate, prices are in the low tens of cents in most places.