Edward Craven Walker lived to see his greatest invention, the lava lamp, make its late-’90s cultural comeback. But the British tinkerer (and famed nudist, incidentally) died before he could witness the 21st- century digital potential of his analog creation. Inside the San Francisco office of the web security company Cloudflare, 100 units of Craven Walker’s groovy hardware help protect wide swaths of the internet from infiltration.Here’s how it works. Every time you log in to any website, you’re assigned a unique identification number. It should be random, because if hackers can predict the number, they’ll impersonate you. Computers, relying as they do on human-coded patterns, can’t generate true randomness—but nobody can predict the goopy mesmeric swirlings of oil, water, and wax. Cloudflare films the lamps 24/7 and uses the ever-changing arrangement of pixels to help create a superpowered cryptographic key. “Anything that the camera captures gets incorporated into the randomness,” says Nick Sullivan, the company’s head of cryptography, and that includes visitors milling about and light streaming through the windows. (Any change in heat subtly affects the undulations of those glistening globules.)
Sure, theoretically, bad guys could sneak their own camera into Cloudflare’s lobby to capture the same scene, but the company’s prepared for such trickery. It films the movements of a pendulum in its London office and records the measurements of a Geiger counter in Singapore to add more chaos to the equation. Crack that, Russians.
(Via Security Latest)
I love the analog nature of this plus the additional geographically disbursed randomness in the system.
I think I first heard about the use of lava lamps for RNG operations in the late ‘90s or early 2000’s. I went so far as to buy a few to set up a smaller version of the Cloudflare rig, but my ex-wife “borrowed” them permanently. Sadly, I’ve lived without strong randomness ever since.