1
00:00:00,000 --> 00:00:04,520
Cloudflare handles over five trillion web page requests every day,

2
00:00:04,520 --> 00:00:09,520
most of which are encrypted to protect your data. But did you know that this encryption depends on

3
00:00:10,380 --> 00:00:14,120
lava lamps? I'm talking regular lava lamps,

4
00:00:14,120 --> 00:00:19,080
like you can get on Amazon, what? Does the lava have some kind of super secret

5
00:00:19,080 --> 00:00:22,520
processing capability that's soon to put AMD and Intel out of business?

6
00:00:22,520 --> 00:00:25,920
Obviously not, but the lava is a great source

7
00:00:25,920 --> 00:00:29,280
of natural entropy, which is a measure of disorder,

8
00:00:29,360 --> 00:00:33,440
if you think back to high school physics. The reason natural entropy is important

9
00:00:33,440 --> 00:00:38,240
is that it provides natural randomness, which can be used to encrypt data.

10
00:00:38,240 --> 00:00:42,400
You see, the lava inside a lava lamp, which is actually just wax,

11
00:00:42,400 --> 00:00:45,840
flows in naturally random, unpredictable patterns

12
00:00:45,840 --> 00:00:49,840
once the lamp is heated, just like how you can't predict exactly how steam

13
00:00:49,840 --> 00:00:54,400
rises from a boiling pot, for example. A camera at Cloudflare's headquarters

14
00:00:54,400 --> 00:00:57,540
is pointed at a wall of approximately 100 lava lamps

15
00:00:57,580 --> 00:01:02,660
and takes a photo every so often to capture the exact pattern the lava lamps are showing.

16
00:01:02,660 --> 00:01:06,900
Those photos are then sent to a computer that gives each pixel a numerical value

17
00:01:06,900 --> 00:01:11,300
depending on its appearance, creating a random numerical string

18
00:01:11,300 --> 00:01:14,500
that becomes what we call a cryptographic seed.

19
00:01:14,500 --> 00:01:17,700
This seed number is fed into a mathematical function

20
00:01:17,700 --> 00:01:22,700
that creates another seed, which then gets fed into a number generator whose outputs

21
00:01:22,700 --> 00:01:27,420
can be used for cryptographic keys, used to encrypt and decrypt traffic,

22
00:01:27,420 --> 00:01:31,300
making it difficult for attackers to see what you're looking at.

23
00:01:31,300 --> 00:01:35,180
These keys are also used to confirm that the communication actually came

24
00:01:35,180 --> 00:01:39,420
from the website you're connected to, preventing your data from flowing to an attacker

25
00:01:39,420 --> 00:01:42,520
that's pretending to be a legitimate service,

26
00:01:42,520 --> 00:01:47,860
but actually isn't a legitimate service. Besides lava lamps, some of Cloudflare's offices

27
00:01:47,860 --> 00:01:51,620
use swinging pendulums or rainbow mobiles

28
00:01:51,620 --> 00:01:56,060
that get blown around by the air conditioning. Even if someone were to walk in front of these installations

29
00:01:56,060 --> 00:01:59,260
and the camera captures their photo, that's actually completely fine,

30
00:01:59,260 --> 00:02:02,300
as that just adds a different kind of randomness to the image.

31
00:02:02,300 --> 00:02:07,700
Cloudflare even has an installation in Singapore where the natural decay of a chunk of uranium

32
00:02:07,700 --> 00:02:13,260
is the randomness source. But why all this rigmarole? It turns out computers are much worse

33
00:02:13,260 --> 00:02:16,260
than Mother Nature at generating true randomness.

34
00:02:16,260 --> 00:02:20,380
While there are lots of easily accessible random number generators out there,

35
00:02:20,380 --> 00:02:24,300
many of them are pseudo-random rather than truly random.

36
00:02:24,300 --> 00:02:27,640
But what's the difference? Well, pseudo-random number generators

37
00:02:27,640 --> 00:02:33,420
produce numbers by using an algorithm, meaning that they're predictable if you know the seed,

38
00:02:33,420 --> 00:02:37,300
as the same seed will produce the same output every time.

39
00:02:37,300 --> 00:02:42,220
Unless that seed is truly random, there's no actual true randomness in the process,

40
00:02:42,220 --> 00:02:46,060
meaning that you could guess a cryptographic key if you know the seed.

41
00:02:46,060 --> 00:02:51,740
And on many pseudo-random number generators, that may not be that hard to do

42
00:02:51,740 --> 00:02:57,540
if the seed is something fairly easy to guess, like the date or the time, as are commonly used.

43
00:02:57,540 --> 00:03:03,340
And this might be fine if you're just trying to decide on a random number for something like a D20 roll

44
00:03:03,340 --> 00:03:06,500
in your D&D game. But for trying to keep internet traffic secure,

45
00:03:06,500 --> 00:03:11,100
a truly random, hard-to-guess seed from a natural entropy source is essential.

46
00:03:11,100 --> 00:03:14,700
But if you're in need of a random number generator in your own home for whatever reason,

47
00:03:14,700 --> 00:03:18,740
we recommend lava lamps over radioactive materials

48
00:03:18,740 --> 00:03:22,020
in the long term, they're less bad for you. Thanks for watching, guys.

49
00:03:22,020 --> 00:03:25,840
If you liked this video, check out our other video on a Cloudflare mishap

50
00:03:25,840 --> 00:03:29,020
that took a good chunk of internet offline.

51
00:03:29,020 --> 00:03:30,060
Those guys.
