More than 20% of the web uses Cloudflare for security. Safe web browsing depends on strong encryption, and HTTPS is one part of that. Strong encryption in turn needs random numbers to create keys, and those numbers have to be so unpredictable that no machine or algorithm can reconstruct them.
The strength of encryption depends on how random the data used to create the keys is. Computers are predictable, so Cloudflare uses lava lamps to generate random data.
The wax in a lava lamp constantly changes shape, and no shape is ever repeated, so every photo shows something different. Cloudflare photographs these lava lamps and converts the images into numbers, giving it an extremely random number source.
The problem they are trying to solve…
Computers are not very good at picking random numbers: every part of a computer works in a structured, deterministic manner, so its outputs can be traced back to their inputs. This is where the problem starts for encryption.
Sure, there are various tools that make a computer produce numbers, such as reading /dev/urandom on Linux. But in theory, with enough computational power, any string of random numbers generated by a computer can be traced back, and the file it protects can be decrypted.
So, the core idea is not to rely on computers to generate random numbers but to monitor objects from the real world to achieve the highest randomness possible. Cloudflare uses lava lamps for this purpose.
The company has installed hundreds of lava lamps in its head office in San Francisco and monitors them constantly, taking pictures at set intervals.
The method of generating random numbers from lava lamps is called Lavarand.
After taking pictures of the lava lamps, they convert the photos into numbers, giving them a highly random number sequence. What makes it strong is that even two pictures taken one after the other produce completely different number strings; a difference of a single picture changes everything. Yes, it’s that random!
This unpredictable data is used to create keys to encrypt the traffic that goes through Cloudflare’s network.
The random data is then fed to Cloudflare’s data centers, where it is passed down to the Linux kernels, which use it to seed their random number generators. The result is keys that are extremely random and next to impossible to trace.
That’s not all: Cloudflare has more ways to generate random numbers. For example, Cloudflare’s London office has a series of pendulums installed whose movements are mathematically unpredictable.
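To make the two steps above concrete (turning a photo into numbers, and mixing those numbers into an existing random pool rather than using raw pixels as key material), here is a small added example. It is not Cloudflare’s code; the frames are constructed toy images, and the hash-based conditioning and pool mixing stand in for whatever the real pipeline does.

```python
"""Toy Lavarand-style extraction: condition camera pixels with a hash and
mix the result into a running pool. Example code, not Cloudflare's."""
import hashlib

WIDTH, HEIGHT = 16, 8  # constructed 8-bit grayscale frame (128 pixels)


def make_frame(offset: int) -> bytearray:
    # Constructed stand-in for a camera frame: a smooth gradient. Real frames
    # carry lamp motion and sensor noise; this one is deliberately predictable
    # to show why raw pixels must never be used directly as key bytes.
    return bytearray((x * 7 + y * 13 + offset) % 256
                     for y in range(HEIGHT) for x in range(WIDTH))


def extract_seed(frame: bytes) -> bytes:
    # Conditioning step: a cryptographic hash compresses the biased, partly
    # predictable pixel data into 256 bits that look uniformly random.
    return hashlib.sha256(frame).digest()


def mix_into_pool(pool: bytes, frame: bytes) -> bytes:
    # The new frame is hashed together with the existing pool state, so a
    # stuck or tampered camera cannot replace entropy that is already there.
    # (A stuck camera still adds no NEW entropy; outputs differ only because
    # the pool state changes, which is why other sources are mixed in too.)
    return hashlib.sha256(pool + frame).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def compare_frames() -> dict:
    # Flip the least significant bit of one pixel and see how much of the
    # derived seed changes: the "single picture difference" the article means.
    base = make_frame(0)
    tweaked = bytearray(base)
    tweaked[37] ^= 0x01
    seed_a = extract_seed(bytes(base))
    seed_b = extract_seed(bytes(tweaked))
    return {
        "pixels_changed": sum(p != q for p, q in zip(base, tweaked)),
        "seed_bits": len(seed_a) * 8,
        "bits_changed_in_seed": hamming_distance(seed_a, seed_b),
    }


if __name__ == "__main__":
    print(compare_frames())  # roughly half of the 256 seed bits flip
```

The check a practitioner cares about is the avalanche: one pixel bit flips, and about half of the 256 seed bits change, so consecutive frames give unrelated seeds.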
Similarly, in their Austin office, hanging rainbow mobiles cast colorful patterns on the surrounding walls, and those patterns are used to generate random data.
Is it Better than Computer-Generated Randomness?
The point is not the lava lamps themselves but how you create random numbers that are untraceable; using lava lamps is only one way of doing it. To make Lavarand even more robust and unpredictable, they also add entropy from environmental factors such as people walking by, changes in lighting, and so on.
I believe the idea of generating random numbers from surroundings is a great way to enhance the encryption.
Why is Everybody Else Not Doing the Same?
The idea is to get the highest randomness possible. For example, AWS Key Management Service (KMS) uses hardware security modules (HSMs) with a hybrid random number generator that combines a NIST-approved DRBG (Deterministic Random Bit Generator) seeded by a hardware true random number generator (TRNG).
Some users on Reddit argued that the entire Lavarand setup is just a PR stunt. One person pointed out that the camera capturing the lava lamps has enough sensor noise on its own to generate random numbers. Moreover, each lava lamp consumes 40 watts/hour, which is quite a lot for generating random numbers, he added.
Using Quantum Random Number Generator (QRNG) chips is a more energy-efficient way to generate random numbers, a Reddit user suggested.
As long as you can generate random numbers (that are truly random), you can protect your network without any worries. Lavarand was Cloudflare’s way of protecting traffic going through their network, so it has to be convincing, right?