{"video_id":"fp_dDuYclMBjj","title":"Cloudflare's Lava Lamp Wall Explained","channel":"Techquickie","show":"Techquickie","published_at":"2024-11-06T21:32:00.016Z","duration_s":211,"segments":[{"start_s":0.0,"end_s":4.52,"text":"Cloudflare handles over five trillion web page requests every day,","speaker":null,"is_sponsor":0},{"start_s":4.52,"end_s":9.52,"text":"most of which are encrypted to protect your data. But did you know that this encryption depends on","speaker":null,"is_sponsor":0},{"start_s":10.38,"end_s":14.12,"text":"lava lamps? I'm talking regular lava lamps,","speaker":null,"is_sponsor":0},{"start_s":14.12,"end_s":19.08,"text":"like you can get on Amazon, what? Does the lava have some kind of super secret","speaker":null,"is_sponsor":0},{"start_s":19.08,"end_s":22.52,"text":"processing capability that's soon to put AMD and Intel out of business?","speaker":null,"is_sponsor":0},{"start_s":22.52,"end_s":25.92,"text":"Obviously not, but the lava is a great source","speaker":null,"is_sponsor":0},{"start_s":25.92,"end_s":29.28,"text":"of natural entropy, which is a measure of disorder,","speaker":null,"is_sponsor":0},{"start_s":29.36,"end_s":33.44,"text":"if you think back to high school physics. The reason natural entropy is important","speaker":null,"is_sponsor":0},{"start_s":33.44,"end_s":38.24,"text":"is that it provides natural randomness, which can be used to encrypt data.","speaker":null,"is_sponsor":0},{"start_s":38.24,"end_s":42.4,"text":"You see, the lava inside a lava lamp, which is actually just wax,","speaker":null,"is_sponsor":0},{"start_s":42.4,"end_s":45.84,"text":"flows in naturally random unpredictable patterns","speaker":null,"is_sponsor":0},{"start_s":45.84,"end_s":49.84,"text":"once the lamp is heated, just like how you can't predict exactly how steam","speaker":null,"is_sponsor":0},{"start_s":49.84,"end_s":54.4,"text":"rises from a boiling pot, for example. A camera at Cloudflare's headquarters","speaker":null,"is_sponsor":0},{"start_s":54.4,"end_s":57.54,"text":"is pointed at a wall of approximately 100 lava lamps","speaker":null,"is_sponsor":0},{"start_s":57.58,"end_s":62.66,"text":"and takes a photo ever so often to capture the exact pattern the lava lamps are showing.","speaker":null,"is_sponsor":0},{"start_s":62.66,"end_s":66.9,"text":"Those photos are then sent to a computer that gives each pixel a numerical value","speaker":null,"is_sponsor":0},{"start_s":66.9,"end_s":71.3,"text":"depending on its appearance, creating a random numerical string","speaker":null,"is_sponsor":0},{"start_s":71.3,"end_s":74.5,"text":"that becomes what we call a cryptographic seed.","speaker":null,"is_sponsor":0},{"start_s":74.5,"end_s":77.7,"text":"This seed number is fed into a mathematical function","speaker":null,"is_sponsor":0},{"start_s":77.7,"end_s":82.7,"text":"that creates another seed, which then gets fed into a number generator whose outputs","speaker":null,"is_sponsor":0},{"start_s":82.7,"end_s":87.42,"text":"can be used for cryptographic keys, used to encrypt and decrypt traffic,","speaker":null,"is_sponsor":0},{"start_s":87.42,"end_s":91.3,"text":"making it difficult for attackers to see what you're looking at.","speaker":null,"is_sponsor":0},{"start_s":91.3,"end_s":95.18,"text":"These keys are also used to confirm that the communication actually came","speaker":null,"is_sponsor":0},{"start_s":95.18,"end_s":99.42,"text":"from the website you're connected to, preventing your data from flowing to an attacker","speaker":null,"is_sponsor":0},{"start_s":99.42,"end_s":102.52,"text":"that's pretending to be a legitimate service,","speaker":null,"is_sponsor":0},{"start_s":102.52,"end_s":107.86,"text":"but actually isn't a legitimate service. Besides lava lamps, some of Cloudflare's offices","speaker":null,"is_sponsor":0},{"start_s":107.86,"end_s":111.62,"text":"use swinging pendulums or rainbow mobiles","speaker":null,"is_sponsor":0},{"start_s":111.62,"end_s":116.06,"text":"that get blown around by the air conditioning. Even if someone were to walk in front of these installations","speaker":null,"is_sponsor":0},{"start_s":116.06,"end_s":119.26,"text":"and the camera captures their photo, that's actually completely fine,","speaker":null,"is_sponsor":0},{"start_s":119.26,"end_s":122.3,"text":"as that just adds a different kind of randomness to the image.","speaker":null,"is_sponsor":0},{"start_s":122.3,"end_s":127.7,"text":"Cloudflare even has an installation in Singapore where the natural decay of a chunk of uranium","speaker":null,"is_sponsor":0},{"start_s":127.7,"end_s":133.26,"text":"is the randomness source. But why all this rigmarole? It turns out computers are much worse","speaker":null,"is_sponsor":0},{"start_s":133.26,"end_s":136.26,"text":"than Mother Nature at generating true randomness.","speaker":null,"is_sponsor":0},{"start_s":136.26,"end_s":140.38,"text":"While there are lots of easily accessible random number generators out there,","speaker":null,"is_sponsor":0},{"start_s":140.38,"end_s":144.3,"text":"many of them are pseudo random rather than truly random.","speaker":null,"is_sponsor":0},{"start_s":144.3,"end_s":147.64,"text":"But what's the difference? Well, pseudo random number generators","speaker":null,"is_sponsor":0},{"start_s":147.64,"end_s":153.42,"text":"produce numbers by using an algorithm, meaning that they're predictable if you know the seed,","speaker":null,"is_sponsor":0},{"start_s":153.42,"end_s":157.3,"text":"as the same seed will produce the same output every time.","speaker":null,"is_sponsor":0},{"start_s":157.3,"end_s":162.22,"text":"Unless that seed is truly random, there's no actual true randomness in the process,","speaker":null,"is_sponsor":0},{"start_s":162.22,"end_s":166.06,"text":"meaning that you could guess a cryptographic key if you know the seed.","speaker":null,"is_sponsor":0},{"start_s":166.06,"end_s":171.74,"text":"And on many pseudo random number generators, that may not be that hard to do","speaker":null,"is_sponsor":0},{"start_s":171.74,"end_s":177.54,"text":"if the seed is something fairly easy to guess, like the date or the time as are commonly used.","speaker":null,"is_sponsor":0},{"start_s":177.54,"end_s":183.34,"text":"And this might be fine if you're just trying to decide on a random number for something like a D20 role","speaker":null,"is_sponsor":0},{"start_s":183.34,"end_s":186.5,"text":"in your D&D game. But for trying to keep internet traffic secure,","speaker":null,"is_sponsor":0},{"start_s":186.5,"end_s":191.1,"text":"a truly random hard to guess seed from a natural entropy source is essential.","speaker":null,"is_sponsor":0},{"start_s":191.1,"end_s":194.7,"text":"But if you're in need of a random number generator in your own home for whatever reason,","speaker":null,"is_sponsor":0},{"start_s":194.7,"end_s":198.74,"text":"we recommend lava lamps over radioactive materials","speaker":null,"is_sponsor":0},{"start_s":198.74,"end_s":202.02,"text":"in the long term, they're less bad for you. Thanks for watching guys.","speaker":null,"is_sponsor":0},{"start_s":202.02,"end_s":205.84,"text":"If you liked this video, check out our other video on a Cloudflare mishap","speaker":null,"is_sponsor":0},{"start_s":205.84,"end_s":209.02,"text":"that took a good chunk of internet offline.","speaker":null,"is_sponsor":0},{"start_s":209.02,"end_s":210.06,"text":"Those guys.","speaker":null,"is_sponsor":0}],"full_text":"Cloudflare handles over five trillion web page requests every day, most of which are encrypted to protect your data. But did you know that this encryption depends on lava lamps? I'm talking regular lava lamps, like you can get on Amazon, what? Does the lava have some kind of super secret processing capability that's soon to put AMD and Intel out of business? Obviously not, but the lava is a great source of natural entropy, which is a measure of disorder, if you think back to high school physics. The reason natural entropy is important is that it provides natural randomness, which can be used to encrypt data. You see, the lava inside a lava lamp, which is actually just wax, flows in naturally random unpredictable patterns once the lamp is heated, just like how you can't predict exactly how steam rises from a boiling pot, for example. A camera at Cloudflare's headquarters is pointed at a wall of approximately 100 lava lamps and takes a photo ever so often to capture the exact pattern the lava lamps are showing. Those photos are then sent to a computer that gives each pixel a numerical value depending on its appearance, creating a random numerical string that becomes what we call a cryptographic seed. This seed number is fed into a mathematical function that creates another seed, which then gets fed into a number generator whose outputs can be used for cryptographic keys, used to encrypt and decrypt traffic, making it difficult for attackers to see what you're looking at. These keys are also used to confirm that the communication actually came from the website you're connected to, preventing your data from flowing to an attacker that's pretending to be a legitimate service, but actually isn't a legitimate service. Besides lava lamps, some of Cloudflare's offices use swinging pendulums or rainbow mobiles that get blown around by the air conditioning. Even if someone were to walk in front of these installations and the camera captures their photo, that's actually completely fine, as that just adds a different kind of randomness to the image. Cloudflare even has an installation in Singapore where the natural decay of a chunk of uranium is the randomness source. But why all this rigmarole? It turns out computers are much worse than Mother Nature at generating true randomness. While there are lots of easily accessible random number generators out there, many of them are pseudo random rather than truly random. But what's the difference? Well, pseudo random number generators produce numbers by using an algorithm, meaning that they're predictable if you know the seed, as the same seed will produce the same output every time. Unless that seed is truly random, there's no actual true randomness in the process, meaning that you could guess a cryptographic key if you know the seed. And on many pseudo random number generators, that may not be that hard to do if the seed is something fairly easy to guess, like the date or the time as are commonly used. And this might be fine if you're just trying to decide on a random number for something like a D20 role in your D&D game. But for trying to keep internet traffic secure, a truly random hard to guess seed from a natural entropy source is essential. But if you're in need of a random number generator in your own home for whatever reason, we recommend lava lamps over radioactive materials in the long term, they're less bad for you. Thanks for watching guys. If you liked this video, check out our other video on a Cloudflare mishap that took a good chunk of internet offline. Those guys."}