The Grooviest Random Number Generator Ever

Cloudflare is one of those Internet companies you use all the time, but don’t usually know it. Big websites you visit use Cloudflare to shore up their defenses against denial of service attacks. The company needed some truly random numbers for its security solutions, so it turned to some groovy old tech: lava lamps. In their office is a wall of 100 lava lamps monitored by cameras. The reaction of the lamps is unpredictable, and this allows them to generate really random numbers. [Joshua], a Cloudflare employee, talks about the technical details of the system in a recent blog post.

You might think this is a new and novel idea, but it turns out the LavaRnd (or maybe it is LavaRand — there’s some dispute if you read the comments below) system has been around for a while. In fact, we covered it way back in 2005. Silicon Graphics patented the system in 1996.

You would think these lava lamps would be locked in a bunker somewhere. It turns out, you can see the wall of lava lamps by just visiting Cloudflare’s offices in San Francisco. People disturbing the images are one of the sources of random unpredictability.

The company doesn’t directly use the random numbers from the lamps. [Joshua] explains how on a reboot, each production machine grabs a chunk of random numbers and uses it to seed its usual random number generators. This leads to an interesting problem of ensuring everyone is who they say they are without relying on the very secure protocols you are trying to spin up with random numbers. You can read the solution to that conundrum in the blog post.

You can see a video of the Cloudflare lava wall by [Tom Scott], below. If you don’t need a random number generator, maybe you could use a spectrum analyzer.

Thanks to [Ptkwilliams] for the tip.

28 thoughts on “The Grooviest Random Number Generator Ever

        1. This isn’t really about efficiency tho, if you want to be efficient you would just use an avalanche diode.

          This is primarily a thing that looks cool for their office, and secondarily a source of random numbers.

  1. At 6 minutes in, you can see a visual showing how the RNG output of Super Mario World repeats (though the whole video is actually fairly well done). Curious about their random number generation and how it differs here and if this really has as much utility as one might think?

    This is an interesting looking approach but also at 40 watts per lamp times 100, you do have a bit of a room heater effect to consider as well.

    1. The two are different in where the original seed comes from and what it is.

      The game console has no hardware RNG, and in the case of the snes it uses millisecond sampled input data from the control pads.
      Since a human finger doesn’t have millisecond accurate control over that input, that input is “random enough” for the purposes of a game.

      However under a controlled environment, say for example a microcontroller triggering input events for playback purposes, it is possible to always generate the same millisecond accurate inputs and thus control the initial RNG seed.
      This means each run of any program will always be identical, including the initial seed, and so all of the random numbers will also be identical.

      The lava lamp method uses input from the blobs in the lamps to help adjust the initial seed.
      So without some way to simulate the physics of the lava lamp materials at the atomic level in real time, it shouldn’t be possible to predict or control these values to manipulate the initial seed.

      Since it should be within the laws of science to actually do that however, at some point in the future even this won’t be “random enough” – although it should be fine for many hundreds of years if not many thousands.

      There are other similar methods of obtaining random input on a subatomic scale. Using a bare CCD sensor and a source of radioactive decay should in theory not be simulatable at all. As such there are designs based on using alpha particle sources from things like smoke detectors to make hardware random number generators based on the same methods as the lava lamps but be even more random.

      1. “The lava lamp method uses input from the blobs in the lamps to help adjust the initial seed.”

        That was my impression as well.

        Which would be considerably more random than a hardware based pseudo RNG. But once the initial seed is selected, does it not iterate through a set pseudo RNG list and then repeat, similar to how Super Mario World does it (though possibly larger)? In other words is this lava lamp randomness something that actually helps considerably or is it more for show?

        1. It does help considerably so far as the software RNG seed goes.
          But yes the software RNG is just a function, more complex these days than the super mario world one, but still procedural.

          Also worth noting is that PCs of today use a surprisingly large number of sources of randomness to seed the software RNG.
          Keyboard/mouse input, various interrupts from attached hardware, even multiple temperature sensors in various components like the CPU and MB.

          The idea is that the “real” sources of entropy can only supply so many random bits over a given time, and it’s a relatively small amount.
          But using it mainly for seed values, not just when the software RNG starts but at various points throughout its runtime, you can gain a very large amount of software RNG values based off seeds that ideally are unpredictable, or at least extremely hard to predict.

          If you’ve ever come across unix discussions on the difference between /dev/random vs /dev/urandom it can explain the difference fairly well.
          One is the hardware RNG, which when read will give you pretty decent random values, but then block when waiting for additional entropy to be gathered.
          The other is the software RNG, which will feed you as much randomness as you want, but it’s proceduraly generated from the hardware RNG as a seed, so over all it’s not quite as random.

          (The holy wars in such discussions tend to start once someone points out its a really bad idea to constantly starve your entropy pool, as this can have an effect on how well the software RNG can work, and potentially reduce randomness over all)

  2. I am one of LavaRND inventors. Can you correct the link to the LavaRand site please — http://lavarand.org. You are currently pointing to LavaRND.org which is no longer the official version – but much of the content and structure has been “copied” from the original. This unfortunate set of events happened due to a problem with domain renewal and a 3rd Party now has control of that site – it is not affiliated and permission has not been obtained for the content. Thanks.

  3. Hacking is great and this is an awesome project!
    But security needs to be done correctly and this is a hack – is there an evidence based resoning behind their setup (i.e. science)?
    Gathering good entropy is non-trivial as you cannot check if something is random but only can check if it follows known patterns… Are there any checks or is this just a source of data which is assumed to be random? And why is their source public? Anybody having access to the source might be able to remove the entropy from the data since the pattern of the lamps is now known….
    Don’t get me wrong, it might be possible to gather good entropy and attacks (always) seem unlikely but it should be stated clear and precise why this setup is qualified. I believe this is especially true on a blog read by many non-professional entropy/security guys and novices as many will take away that it is easy to gather entropy and might do it wrong later – reducing security where established sources of (low) entropy would have been better.

  4. Would an aquarium filled with glitter agitated, by aquarium pumps that sporadically turn on and off filmed by a camera produce similar effects?
    You could then say your computer is protected by “Sparkle Power”

    1. For the same idea on a smaller scale; a snow globe with a piezo element (or ultrasonic transducer) as agitator, or a lab beaker with a magnetic stirrer? The snow globe could easily be powered by batteries inside the base if the piezo element is only pulsed on a timer to prevent things from settling too much instead of kept running all the time.

  5. I feel cloudflare is awful. And I don’t ‘use cloudflare all the time’, it is they who use me all the time, against my will and right on privacy.
    It’s on every goddamn site and thus can track you everywhere. I bet they make more money from NSA payoffs than from customers combined.
    And they work with Google CAPTCHA.. as if it’s not bad enough.

    So there you have it, it leaves me less than amused. And more than a little annoyed.

    But since this post isn’t ‘HAppy HAppy, JOy JOy’ it will probably be destroyed by the idiots running HaD censorship.

      1. Indeed, it’s been a steady decline over the many years and eventually it’ll catch up to reality.

        And another problem is that with decentralization comes the risk as potential attack vectors, nasty types only need successfully hack one thing to mess with millions of people.
        That’s what annoys me with some scripting host, if I allow certain ones for one site and it is also used on hundreds of other sites I not only expose my privacy but also become vulnerable to something much more likely to be hacked since it’s a juicy target and is noticed more.

  6. Most likelly lava lamps don’t add anything really. You get so much noise from digital camera that pointing it at open office, outside of the window or at the sky would be enough.

  7. Doesn’t the RDSEED command added to the Intel Broadwell and AMD Zen CPUs a few years back provide a comparable capability?

    According to wikipedia:

    “The entropy source for the RDSEED instruction runs asynchronously on a self-timed circuit and uses thermal noise within the silicon to output a random stream of bits at the rate of 3 GHz.”

    It is intended to used as a hardware RNG to provide seeds for a software psuedo-RNG.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s