alt Hacker NewsThe Futility of Lava Lamps: What Random Means
Comments
As far as cryptographic security theater goes, it's hard for me to get angry about lava lamps.
I don't remember their initial post about the lava lamps, but I had assumed that was a marketing gimmick more than anything... a neat visual way to convey what entropy is in a way normal humans can comprehend.
It's certainly not a scalable solution for entropy, and there are so many ways for it to fail as a sole source, as well.
They don't actually do anything, but I think it's hard to tell a story where they make things worse, given that Cloudflare is a cryptographically competent org. It's just getting mixed into the already-secure conventional CSPRNG they're using (almost certainly: just the Linux kernel RNG).
article has a section dedicated to "how to obtain starting seed" with a list of examples and somehow fails to include wall of lava lamps in said list of examples
Nothing is random enough for an arbitrary audience. There's always the possibility that some alien spaceship will land and some creature will emerge, take a glance at your RNG, and say: "next one's 6598489811, try it" and they'll be right.
We can only say that something is random enough given a certain audience's beliefs about what kind of predictions are possible. If it takes lava lamps to convince that audience, well then ok.
Seems needlessly angry about what is ultimately a decent if imperfect source of entropy, and a good illustrative example for the general public
The very end of the article says “They can keep them for decoration but servers must generate their own random numbers.” I thought the lava lamps were for this purpose.
How about electrodes attached to a mushroom
I suspect the author hasn't heard of physical unclonable functions.
[dead]
> And if it is broken… then you’re screwed, sorry. See, both your encryption and your CSPRNG relies on a cipher. If either is broken, then so is your whole system.
Not necessarily. The CSPRNG state could in theory be leaked via sidechannels. Your cipher key could be leaked via sidechannels too, but symmetric encryption keys tend to be shorter lived.
With a one-time pad being, as I understand it, the only really good encryption, I am surprised there is not a market for pairs of matched hard drives—the pair having the same "one time pad" stored on them (how you generate those numbers is left as an exercise for the company marketing them).
A simple app could be used by parties on both ends of the message—an app that relies on an associated drive to act as the pad.
If you become aware that one of the two matched drives has been compromised (stolen perhaps by an outside party), you destroy its partner.
(Perhaps too you can design the drive in such a way as to make it non-trivial to copy—you more or less need possession of the drive itself. That makes it unlikely for there to be a 3rd drive the two parties are unaware of.)
Lotta speculation about it's value but seems cloudflare does legitimately use this source.
https://blog.cloudflare.com/lavarand-in-production-the-nitty...
They even mention it's origins in Lavarand (and LavaRand) the former which has an actual patent: https://patents.google.com/patent/US5732138A/en
Yes there's a bit of theater here, and they admit to using the sensor noise as well, it's also not their only source of physical entropy. While you could do just as much with less interesting sources the wall of lava lamps is a perfectly cromulent source of randomness, also is kinda fun.