Lava lamps at some point in time were an extremely popular piece of home decoration, but fast forward to today, it seems that these groovy pieces of home furnishing has found a new lease on life: protecting part of the internet. Wait, what? Yup, you read that right, because the folks at Cloudflare have found a way to utilize these lava lamps to protect the internet.

In a post on their blog, Cloudflare reveals that they use the randomness of the “bubbles” emitted by these lava lamps to help generate encryption keys. Basically the idea is that these randomness cannot be predicted, which means that unlike passwords that can sometimes be guessed, it would be close to impossible to try and predict the pattern that this wall of lava lamps generates.

According to Cloudflare, “In short, LavaRand is a system that provides an additional entropy source to our production machines. In the lobby of our San Francisco office, we have a wall of lava lamps (pictured above). A video feed of this wall is used to generate entropy that is made available to our production fleet.” They add:

The flow of the “lava” in a lava lamp is very unpredictable,6 and so the entropy in those lamps is incredibly high. Even if we conservatively assume that the camera has a resolution of 100×100 pixels (of course it’s actually much higher) and that an attacker can guess the value of any pixel of that image to within one bit of precision (e.g., they know that a particular pixel has a red value of either 123 or 124, but they aren’t sure which it is), then the total amount of entropy produced by the image is 100x100x3 = 30,000 bits (the x3 is because each pixel comprises three values – a red, a green, and a blue channel). This is orders of magnitude more entropy than we need.

As Cloudflare notes, this is not the first time that lava lamps have been used in this manner. The first such system was created by Silicon Graphics and patented back in 1996, but it is certainly a unique idea. For more details about encryption and the LavaRand system, head on over to Cloudflare’s website.

Filed in General. Read more about hack, Security and _cold.

User Comments