Cloudflare uses a wall of lava lamps for some of their RNG needs
deleted by creator
To collect this data, Cloudflare has arranged about 100 lava lamps on one of the walls in the lobby of the Cloudflare headquarters and mounted a camera pointing at the lamps. The camera takes photos of the lamps at regular intervals and sends the images to Cloudflare servers. All digital images are really stored by computers as a series of numbers, with each pixel having its own numerical value, and so each image becomes a string of totally random numbers that the Cloudflare servers can then use as a starting point for creating secure encryption keys.
Surely that can’t be uniform random though
But they’re just using it for a seed, so the output would be impossible to predict, but it feels like a checksum or something would approach a Gaussian distribution (the more numbers you add up, the more Gaussian it would be, since we know an image will have a mean and finite variance).
There are ways to get entropy out of non-uniform data in order to approach if not reach a uniform distribution.
A naïve, but surprisingly effective way to do this would be to put the data through a hashing algorithm of some sort.
Good hashing algorithms are specifically designed to make similar but non-identical inputs hash to values that appear unrelated.
Depending on the data source, there may be more efficient ways of getting an unpredictable sequence of bits out of it. e.g. for image data, an image difference from an average image may be more appealing than using the plain image, but I’m not sure whether that’s legitimately “more random” or whether it just feels that way.
I’m sure they’re smarter than me but my novice cryptographer brain doesn’t understand this.
Isn’t the string of numbers representing each pixel rather limited Aren’t all those sections of the image that have lava lamps limited to values somewhere in the reddish/blueish spectrum? Isn’t the gray background very non-random?
Apparently the camera is accessible in the lobby. They say people walking in front of the camera adds randomness. If I go there and hold a photo in front of the camera which I know the values of, doesn’t that compromise everything?
To be fair their site says they take the lava lamp output and combine it with entropy from two servers and probably do a lot of other stuff before actually getting random numbers. But I don’t get how the lava lamps photo setup is even close to being random
tried and failed to add image, so here a link: https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
deleted by creator
Math! Also, noise!
There are algorithms (a set of math steps) that make pseudo-random numbers. These usually involve large prime numbers, because those usually generate fewer repeating patterns.
A truly random number generator is similar to rolling dice: you use some source of randomness and convert it to a number. All electric circuits produce “noise” (which is often received radio waves and such that interfere with the circuits). Think of tuning a radio to a channel with nothing on it–you get “white noise”, which can be a good source of random information. Then all you need to do is convert that to a range of numbers, and you’re good to go.
These are fairly simplified explanations, so take them with a grain of salt, but they give the general idea.
All random, all thuh time
I see a lot of good answers here but let’s try it from another angle.
How do we get randomness from a function or formula?
For starters let’s setup a few simple rules.
Every time our random function is called we’ll
- Take the last output from a variable we call LAST_RESULT
- If there’s no value in LAST_RESULT we’ll assume the value is 1
- We run a set of calculations storing the value in a variable we call X
- We store the result of these calculations in LAST_RESULT
- We return this new “random” number.
So let’s call it.
> Random() Since LAST_RESULT is undefined SET LAST_RESULT to the value of 1 Set X to the result of this calculation (LAST_RESULT+1) * 3X is now 6
Set X to the result of this calculation (X + 7) / 2X is now 7
Set X to the result of this calculation (rounding to the nearest whole number) X/LAST_RESULTX is now 7
Set LAST_RESULT to the value of XLAST_RESULT is now 7
Return the value of X as the resultResult is 7
Ok. So let’s call it again
> Random() Set X to the result of this calculation (LAST_RESULT+1) * 3X is now 24
Set X to the result of this calculation (X + 7) / 2X is now 16
Set X to the result of this calculation (rounding to the nearest whole number) X/LAST_RESULTX is now 2
Set LAST_RESULT to the value of XLAST_RESULT is now 2
Return the value of X as the resultResult is 2
And if we call it again we get seemingly random results
Random() Result is 4
Random() Result is 3
But the next time you run it you’ll get the same results in the same order. 7, then 2 then 4 then 3
So what you need is something to “seed” the random number calculation.
Something like
SetRandomSeed Set LAST_RESULT to the current second of the day
Then when you call Random after this it starts with that as the prior results and gives seemingly random results.
Of course my calculations are rough and probably fail/repeat after so many calls but it gives you an idea of how this works.
So the trick is to get noise for the seed. That could be the number of non leap seconds since 00:00:00 UTC on Thursday, 1 January 1970 (Unix epoch)
Or the temperature reading of a CPU chip.
Maybe it’s the ratio of red vs yellow from a camera feed looking at lava lamps.
Or the current users average typing speed.
An additional note. Many of those would not be “cryptographically” secure for encryption because they can easily be determined by a third party. We all experience the same “Unix epoch” within a few milliseconds if our system clocks are properly set for example. Or monitored from afar and reproduced (hacked webcam shows they had just typed the following letters in the previous 27 seconds that we know the “algorithm” uses, etc.
From my opinion it is more computer science sorcery than math sorcery.
For true random generation you usually need some specialized hardware for it, that uses sone natural source of random. One could use the decay of a radioactive material as such a source or the noise one can get from audio input. Unfortunately, I don’t know what actual hardware uses.
For pseudo random generation, you usually use a seed (ideally a true random value or something with a high entropy) which you feed into an algorithm like Linear Congruental Generator (LCG) or Mersenne Twister (there are lots of algorithms).
One further important note: Tge use case forvwhich you need random numbers is important. A video game could accept a random number generator with “lower” quality while a cryptographic algorithm always needs a cryptographic secure random number generator (don’t forget: “don’t roll your own crypto”).
Finally there are quasi randim number generators, however this name is very misleading. The mathematical correct term is low discrepancy sequence. There are not random at all but can be used and have useful properties in some settungs where pseudo random number generators can be used. Never in a cryptographic algorithm, though.
An interesting source of randomness is using a diode “in reverse”. Randomly, a few electrons pass through, which can be amplified and measured. One uses a 2^n number of such constructs and XORs the results to get a random bit.
deleted by creator
Another tidbit: Operating systems (like Linux) usually provide a possibility to get entropy (ideally used as seed). Linux for example has /dev/urandom beyond others. Afaik, it uses the time between subsequent accesses to the hdd as one of the sources used to create the entropy.
Great write up, now I have to google what a Meraenne Twister is. To use audio input noise as a random number gen I would just hook it up to a pressision digital db meter but I’m guessing the software implementation is a little more practical.
A software solution usually can create “random” faster, with the drawback that its not actual random
The Mersenne Twister was a famous pseudo random number generator when I wrote my diploma thesis in 2009. Today, afaik, PCG (Permuted Congrentual Generator) are better.
They get some dude hammered drunk, then stand him by a pole and ask him to take 100 steps.
I love the idea of millions of drunk dudes by poles being employed just for random number generation
You can use physical objects like dice or lava lamps that will naturally form random distribution when we check. But Newton and others would argue that even this was a determinant problem and if you had perfect knowledge of the dice and a good physics theory, you could predict the outcome.
We can only recognize randomness by the patterns it leaves behind.
The philosophical truth is that we don’t know if “randomness” is an actual phenomena or just a bucket where we put outcomes we haven’t learned to predict yet. A sort of randomness of the gap. Some have suggested that as a pattern-recognizing machine, the human mind simply can’t conceive randomness. Even the way “randomness” is verified is by looking at the distribution in the outcome and see if it matches the pattern we expect.
PRNGs aren’t random at all; they produce a deterministic sequence of numbers based on a seed value and an internal counter. Two PRNGs using the same algorithm and seed will produce the same sequence of numbers. The sequence is difficult to predict without knowing the algorithm and seed, and the values are close to evenly-distributed, which is enough like random numbers for a lot of use cases.
Here’s an example in Ruby:
seed = Random.new_seed() => 142757148148443078663499575299582907518 prng_1 = Random.new(seed=seed) prng_1.rand() => 0.6702742156250219 prng_2 = Random.new(seed=seed) prng_2.rand() => 0.6702742156250219 prng_1.rand() => 0.9667236181962573 prng_2.rand() => 0.9667236181962573If you run this yourself using 142757148148443078663499575299582907518 as the seed, your first two pseudorandom numbers will also be 0.6702742156250219 and 0.9667236181962573, assuming your version of Ruby hasn’t changed its PRNG.
All you need is a bunch of lava lamps and a camera.
Nice try skynet
1000111000111100001100101010101001111111010010
