How A Wall of Lava Lamps Is Protecting The Internet
How this unique technology keeps hackers at bay
Lava lamps were once popular bedside attractions, but those days are long gone. Today, the humble lava lamp seems to have more in common with the waterbed than anything else. They were cool once, but now you’re a weirdo if you still have one. (I used to have a number of different lava lamps as a child, and when I brought up the idea of getting another one for nostalgia’s sake, my wife gave me a withering glare.) What most people don’t realize is that simple lava lamps are working tirelessly to keep the internet safe from hackers. There is a good chance that your favorite website is being kept safe by the soothing glow of lava lamp bubbles.
Lava Lamp Security
Cloudflare is responsible for roughly 20% of the internet’s primary internet traffic. Cloudflare is a web hosting company that manages thousands of different websites. (Medium is a website hosted by Cloudflare.) That means that Cloudflare is responsible for billions of hits of web traffic, many of which could be potentially malicious. In order to deter hackers, Cloudflare has developed an ingenious security system using lava lamps.
In the Cloudflare Headquarters in San Francisco, there is a wall with roughly 100 lava lamps that run continuously. This wall is more than just a fashion statement; it is a key piece of their security apparatus. Above the wall of lava lamps is a camera that is continuously taking data. This camera takes the position of all of the lava in the lamps and feeds it to a security program, which turns those positions into keys, which are then used to build encryption for their web traffic.
Cloudflare does not keep this a secret. They talk about it very openly. The secret is not in the lava lamps themselves but rather what they produce — a constant stream of random information.
Why Lava Lamps?
Cloudflare makes it very clear that the key to any good encryption system is randomness. Some people might think that a computer would be excellent at generating randomness. But that is not the case. Computers can only work within a given framework. That means that computers are great at spitting out random numbers, but those numbers, by necessity, must work within a certain framework. This means that cracking encryption isn’t about finding the specific key that unlocks the encryption but rather finding the framework in which these numbers are generated.
For example, one might think that a computer that spits out a random number between one and a trillion is a good system. But knowing that the encryption is based on a number between one and a trillion automatically makes it much easier to decrypt. All computer-based encryption systems work on a similar framework. Every computer can only spit out numbers based on a set of parameters given to it by a human.
The only way to achieve true randomness is to use manpower (people coming up with random encryption ideas), which is expensive. Or you can do what Cloudflare does, which is to use lava lamps.
Lava lamps are inherently random. It is impossible to predict exactly where the little lava bubbles are going to go. Are they going to split? Are they going to continue to rise or sink downward? Will the bubbles bounce off one another or sail past each other majestically? Much like atmospheric dynamics, fluid, and heat dynamics are nearly impossible to predict with 100% accuracy. This makes lava lamps the perfect encryption creation device.
When the camera watching the lava lamps in Cloudflare HQ snaps an image, it is getting something truly random. That randomness is then used to create unique encryption codes, which are nearly impossible to hack. Why? Because they are nearly impossible to predict. Unlike other systems, the lava lamps are not working within a set of parameters. They do what they want, and the computer just watches them. The lava lamps create the true randomness that most computers are incapable of creating on their own.
Conclusion
Cybersecurity is a major problem. There is no end to the number of bad actors looking to crack online security systems. Getting into the meat of a website’s code can give hackers access to valuable user information, which can then be sold, or they can take control of the website and hold it for ransom. Both of these problems (data breaches and ransomware) are growing headaches for security professionals around the world. While the lava lamps are likely just the tip of the iceberg when it comes to Cloudflare’s internet security, it is interesting to think that something so simple (and maligned) can do such an important job in an age of AI and quantum computing.
