WEBVTT

00:00:00.000 --> 00:00:04.520
Cloudflare handles over five trillion web page requests every day,

00:00:04.520 --> 00:00:09.520
most of which are encrypted to protect your data. But did you know that this encryption depends on

00:00:10.380 --> 00:00:14.120
lava lamps? I'm talking regular lava lamps,

00:00:14.120 --> 00:00:19.080
like you can get on Amazon. What? Does the lava have some kind of super secret

00:00:19.080 --> 00:00:22.520
processing capability that's soon to put AMD and Intel out of business?

00:00:22.520 --> 00:00:25.920
Obviously not, but the lava is a great source

00:00:25.920 --> 00:00:29.280
of natural entropy, which is a measure of disorder,

00:00:29.360 --> 00:00:33.440
if you think back to high school physics. The reason natural entropy is important

00:00:33.440 --> 00:00:38.240
is that it provides natural randomness, which can be used to encrypt data.

00:00:38.240 --> 00:00:42.400
You see, the lava inside a lava lamp, which is actually just wax,

00:00:42.400 --> 00:00:45.840
flows in naturally random, unpredictable patterns

00:00:45.840 --> 00:00:49.840
once the lamp is heated, just like how you can't predict exactly how steam

00:00:49.840 --> 00:00:54.400
rises from a boiling pot, for example. A camera at Cloudflare's headquarters

00:00:54.400 --> 00:00:57.540
is pointed at a wall of approximately 100 lava lamps

00:00:57.580 --> 00:01:02.660
and takes a photo every so often to capture the exact pattern the lava lamps are showing.

00:01:02.660 --> 00:01:06.900
Those photos are then sent to a computer that gives each pixel a numerical value

00:01:06.900 --> 00:01:11.300
depending on its appearance, creating a random numerical string

00:01:11.300 --> 00:01:14.500
that becomes what we call a cryptographic seed.

00:01:14.500 --> 00:01:17.700
This seed number is fed into a mathematical function

00:01:17.700 --> 00:01:22.700
that creates another seed, which then gets fed into a number generator whose outputs

00:01:22.700 --> 00:01:27.420
can be used for cryptographic keys, used to encrypt and decrypt traffic,

00:01:27.420 --> 00:01:31.300
making it difficult for attackers to see what you're looking at.

00:01:31.300 --> 00:01:35.180
These keys are also used to confirm that the communication actually came

00:01:35.180 --> 00:01:39.420
from the website you're connected to, preventing your data from flowing to an attacker

00:01:39.420 --> 00:01:42.520
that's pretending to be a legitimate service,

00:01:42.520 --> 00:01:47.860
but actually isn't a legitimate service. Besides lava lamps, some of Cloudflare's offices

00:01:47.860 --> 00:01:51.620
use swinging pendulums or rainbow mobiles

00:01:51.620 --> 00:01:56.060
that get blown around by the air conditioning. Even if someone were to walk in front of these installations

00:01:56.060 --> 00:01:59.260
and the camera captures their photo, that's actually completely fine,

00:01:59.260 --> 00:02:02.300
as that just adds a different kind of randomness to the image.

00:02:02.300 --> 00:02:07.700
Cloudflare even has an installation in Singapore where the natural decay of a chunk of uranium

00:02:07.700 --> 00:02:13.260
is the randomness source. But why all this rigmarole? It turns out computers are much worse

00:02:13.260 --> 00:02:16.260
than Mother Nature at generating true randomness.

00:02:16.260 --> 00:02:20.380
While there are lots of easily accessible random number generators out there,

00:02:20.380 --> 00:02:24.300
many of them are pseudo-random rather than truly random.

00:02:24.300 --> 00:02:27.640
But what's the difference? Well, pseudo-random number generators

00:02:27.640 --> 00:02:33.420
produce numbers by using an algorithm, meaning that they're predictable if you know the seed,

00:02:33.420 --> 00:02:37.300
as the same seed will produce the same output every time.

00:02:37.300 --> 00:02:42.220
Unless that seed is truly random, there's no actual true randomness in the process,

00:02:42.220 --> 00:02:46.060
meaning that you could guess a cryptographic key if you know the seed.

00:02:46.060 --> 00:02:51.740
And on many pseudo-random number generators, that may not be that hard to do

00:02:51.740 --> 00:02:57.540
if the seed is something fairly easy to guess, like the date or the time, as are commonly used.

00:02:57.540 --> 00:03:03.340
And this might be fine if you're just trying to decide on a random number for something like a D20 roll

00:03:03.340 --> 00:03:06.500
in your D&D game. But for trying to keep internet traffic secure,

00:03:06.500 --> 00:03:11.100
a truly random, hard-to-guess seed from a natural entropy source is essential.

00:03:11.100 --> 00:03:14.700
But if you're in need of a random number generator in your own home for whatever reason,

00:03:14.700 --> 00:03:18.740
we recommend lava lamps over radioactive materials

00:03:18.740 --> 00:03:22.020
in the long term, they're less bad for you. Thanks for watching, guys.

00:03:22.020 --> 00:03:25.840
If you liked this video, check out our other video on a Cloudflare mishap

00:03:25.840 --> 00:03:29.020
that took a good chunk of internet offline.

00:03:29.020 --> 00:03:30.060
Those guys.
