I think the term "theatre" implies "is meant to achieve X but fails to", rather than "achieves X in a slightly flamboyant manner".
Like all the COVID-prevention theatre: sitting in restaurants and only masking when you visit the toilet. Hand-washing often whilst in unventilated areas with no masks. That's all "COVID theatre" IMO, as it fails to actually prevent the thing ostensibly being tackled.
My favourite one FWIW was wiping down the seat padding in the gym where nobody was masked - I mean who came up with that??
A creative hardware source of legit randomness is not the same as security theatre, and arguably has some useful educational aspect - it's certainly a talking point!
> Why not just use a hardware-backed random number generator?
They do, don't they? I think the Lavalamps, etc, are just _extra_ entropy. The more entropy you add (even if it's _not_ a certified or perfect random source) only improves the random number generator.
Random numbers have always worried me. Hence the Lava Lamps etc. at Cloudflare and the fact that I predicted that attack on HN about a month before it happened: https://news.ycombinator.com/item?id=640213
I'm reading that post, and while fascinating, I don't understand the entropy calculation.
The digit chance is easy:
For a single digit to appear one needs 1/3 * 1/10 = 1/30.
For a single letter to appear one needs 1/3 * 1/26 = 1/78.
But the bits of entropy throw me off. 26 + 26 + 10 = 62, which is 2^5.954. But that is for a uniform distribution. The writer states that it actually is 2^5.826, or 1/~56.7. I don't get how they get to that number.
Like you said, the probability of any digit appearing is 1/30, and there are 10 digits. The probability of a lower- or upper- case letter appearing is 1/78, and there are 26+26 = 52 letters.
Plugging that into the formula for Shannon entropy, we get this:
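Added example, not part of the original comment: the entropy of the generator as the two comments above describe it (one of three character classes chosen with probability 1/3, then a character chosen uniformly inside the class). It goes one step further than the thread by also computing min-entropy, the figure that matters when estimating guessing resistance; the function names are this example's own.

```python
import math
import random
import string
from collections import Counter

CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)


def char_distribution():
    """P(c) when a class is picked with probability 1/3 and a character
    uniformly inside it: 1/30 per digit, 1/78 per letter."""
    return {c: 1 / (3 * len(cls)) for cls in CLASSES for c in cls}


def shannon_entropy(dist):
    """H = -sum(p * log2 p), in bits per character."""
    return -sum(p * math.log2(p) for p in dist.values())


def min_entropy(dist):
    """-log2(max p): bits per character against an optimal guesser."""
    return -math.log2(max(dist.values()))


def empirical_entropy(n, rng):
    """Sample the generator n times and estimate H from the counts.
    `random` is used for simulation only, never for secrets."""
    counts = Counter(rng.choice(rng.choice(CLASSES)) for _ in range(n))
    return shannon_entropy({c: k / n for c, k in counts.items()})


if __name__ == "__main__":
    dist = char_distribution()
    h = shannon_entropy(dist)
    print(f"uniform over 62 symbols: {math.log2(62):.3f} bits")
    print(f"Shannon entropy:         {h:.3f} bits (2^H = {2 ** h:.1f})")
    print(f"min-entropy:             {min_entropy(dist):.3f} bits")
    print(f"simulated (200k draws):  "
          f"{empirical_entropy(200_000, random.Random(0)):.3f} bits")
```

The digits are over-represented (each is 2.6 times as likely as any single letter), which is what pulls the Shannon figure below log2(62) and the min-entropy lower still.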
But in the case of HN the RNG was seeded by millisecond-granularity timestamps. This was universally considered bad already in 2009 (it would have been even in 1999). The Debian SSL key scandal happened in 2008.
It is quite a leap to say "timestamp-based seeds are insecure, let's upgrade to lava lamps".
But it is theatre.
A single £0.01 Zener diode can generate vastly more guaranteed (by quantum mechanics!) randomness, without all the possibility of failure, entropy leaking etc.
Yes it is much more cool to look at than a zener diode, but it is still a source of physical entropy. And one could argue that a whole bunch of chaotic pendulums are more resilient to failure than a single diode.
Simple argument for "security theatre": Even if Cloudflare happens to use this technology (chaotic pendulums) as an RNG, they'd still put the instance of it that is their on-line RNG somewhere out of sight and seriously secure. The instance that is publicly viewable - and probably has plenty of wanna-be hostiles thinking "how could I use that to..." - would only be connected to their intrusion-detection systems.
Funny story I've told on hn before. Post office bond draws were using "ernie" which did randomness from thermionic valves. My dad helped build "icce" at imperial college in the 50s (something like the 5th public computer in the UK, noting many fine secret ones) and wanted to test their RNG. The post office refused to cooperate with a feed from Ernie, concerned imperial would detect non-randomness and undermine the integrity (or PR) of the premium bond draw.
> A method for generating a pseudo-random numbers. Initially, the state of a chaotic system is digitized to form a binary string. This binary string is then hashed to produce a second binary string. It is this second binary string which is used to seed a pseudo-random number generator. The output from the pseudo-random number generator may be used in forming a password or cryptographic key for use in a security system.
"They’re not even connected to anything, but their perpetual swinging action is what keeps the internet safe(r) from hackers and protects your online transactions from fraudsters."
That sentence triggers me on so many levels.
Down below in the article it says that cameras are sampling the motion. So, ultimately the setup is connected to something, and it is being actively used as a quality source of entropy for cryptography. Brilliant, actually, but this is not what "keeps the internet safe". Strong encryption is a source of trust, nothing more. Proper security needs to rely on a few things that we have to assume to be unbreakable. Only then we can build on top of that. Sadly, even unbreakable encryption, if used incorrectly, can bring the whole thing down. I really don't like articles that sensationalize "neat details" and by that distort the bigger picture.
Unfortunately, I couldn't find any video of the cloudflare pendulums in action, but this other one [1] gives some idea, despite being human powered rather than battery powered.
Btw, I imagine a camera pointed at a busy intersection with lots of pedestrian traffic (e.g. Times Square) to generate much more entropy.
Australian National University hosts a random number generator based on quantum fluctuations in the vacuum : https://qrng.anu.edu.au/
Question : With respect to breaking cryptography, today's cryptographically secure pseudo random number generators (CSPRNGs) seem capable.
What threat scenarios would require true (or near-true) random generators?
And very importantly, a TRNG is often not cryptographically safe and should never be directly used for security related use cases. It should basically only be used to (re)seed a good CSPRNG (DRBG in NIST parlance).
Another benefit of a CSPRNG is vastly higher performance than most TRNGs can achieve. A TRNG often provides kbps bitrate. A CSPRNG can easily deliver many MBps, even GBps.
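Added example, not part of the thread and not Cloudflare's code: the pipeline the quoted patent abstract and the comment above both describe, in which a digitised physical source is hashed and used only to (re)seed a deterministic generator. `ToyHmacDrbg` is a simplified generator modelled on HMAC_DRBG, and every name and the sample "frame" are constructed for illustration.

```python
import hashlib
import hmac
import math
import os


def raw_bits_needed(p_max: float, target_bits: int = 256) -> int:
    """Samples to collect for target_bits of min-entropy when the most
    likely sample value has probability p_max (a biased source)."""
    return math.ceil(target_bits / -math.log2(p_max))


def condition(*sources: bytes) -> bytes:
    """Hash length-prefixed inputs into a 32-byte seed; the seed stays
    unpredictable as long as at least one input is."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(8, "big") + s)
    return h.digest()


class ToyHmacDrbg:
    """Simplified HMAC-SHA256 generator; not a validated implementation."""

    def __init__(self, seed: bytes):
        self.k, self.v = b"\x00" * 32, b"\x01" * 32
        self.reseed(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def reseed(self, data: bytes = b"") -> None:
        # Fold data into the state; empty data only ratchets it forward.
        for tag in ((b"\x00", b"\x01") if data else (b"\x00",)):
            self.k = self._mac(self.v + tag + data)
            self.v = self._mac(self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self.reseed()  # a later state leak must not reveal this output
        return out[:n]


if __name__ == "__main__":
    frame = bytes(range(256)) * 4  # constructed stand-in for a camera frame
    drbg = ToyHmacDrbg(condition(frame, os.urandom(32)))
    print(drbg.generate(16).hex(), raw_bits_needed(0.9))
```

The slow physical source is read only at seed and reseed time, while `generate` runs at hash speed, which is the performance split the comment describes.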
> also the shadows behind them. The alcove is lit by daylight, so the shadows cast by the swinging double-pendulums will change depending on how sunny it is or, more usually in London, how gloomy it is.
Wouldn't that result in time based patterns matching the daytime/nighttime cycle? Then again, I guess this would only happen during continuous use over a number of days and perhaps that's not the use case.
It still adds entropy. You're thinking of uniform entropy vs just entropy, but the former is easy-ish to produce from the latter, for example by using hash functions.
Also, it's obviously a stunt - you are probably much better off measuring decay of trace amounts of natural radioactive isotopes. But it is not without merit.
Yes there is a day/night cycle but it also depends too much on the weather on a ridiculously tiny scale to be realistically predictable. And even if it was indeed predictable, it would still add complexity to the prediction.
As a layman how does this physical random generation help with security. Can any hacker ever chase any random enough number generated by some algorithm? To me it looks like if there was 0.001 percent chance of guessing a random this technique just reduces that chance in theory. A long enough password is already considered secure, how does this thing make it any more secure in practice?
Random numbers are used to generate your TLS certificate key or your SSH key. If one can predict how a TLS or SSH key was generated they could impersonate the key holder.
Here is an explanation of what was possible when a Debian packager mistakenly introduced a patch which reduced the SSL certificate keyspace in 2008: https://jblevins.org/log/ssh-vulnkey
The possibilities of keys which were generated by this random number generator was so small, that a brute-force attack on keys was feasible.
That being said, for years, random number generators have been using random signals coming to your computer (key strokes, network packets, ...) and feeding them into a sponge function. You don't need lava lamps or pendulums to generate random numbers, it's just for the press.
Speedrunners abuse this in a fun way on older consoles, RNG manipulation [1]. For example the SNES had no actual source of random numbers, so games had to use the inputs as the most unpredictable random source. However, if you do that, people figure out how you can scroll through a menu to force an item to drop or an attack to become great[2]
If implemented in full tool assisted speedruns, this can become entirely ridiculous. That rare thing you need to grind hours to find? nope. just press these 18 buttons starting at the right frame and it'll drop first try.
Nintendo's relatively modern Mario Maker 2 even deliberately chooses not to have real randomness. "Random" MM2 courses such as "Carlsino" actually rely on subtle differences in player inputs, if you could ensure you don't deviate from a certain series of button presses and timings then the "random" elements would always turn out the same.
Aye. It is a very interesting question if you need or even want full randomness in a game.
If you have something that's geared towards speed running, fast execution and mastering, being deterministic is actually a good thing. Otherwise, the player has to re-roll a hundred times to get the "good seed" to get a good run - that's very frustrating. Look at some of the King's Quest speedruns for this kinda frustration.
Or in a similar direction - Tetris with a true random piece selection can result in very frustrating and unwinnable piece sequences (which bastard tetris is dialing to 12). Instead, quite a few modern implementations choose some set of tetrominoes and fill a bag with 3-5 repetitions of this set and choose from that. This limits the possibility and length of possibly frustrating pieces.
Conventionally speed running communities define their own categories. So as long as there's some way people can agree for how to compete things work out OK. You'll see that for example several important speed running games have "No major exploits" in a category rule - who decides what's a "Major exploit" ? The other runners, duh.
At a GDQ it's fun to watch some awful exploit "win" Mario in eight seconds (not a real example) by messing with a game bug and precise input, but it's also fun to watch somebody who is incredibly good beat it the way you'd imagine you could if you were much better at the game, so there's room for multiple categories in popular games.
If there's a split it can often be resolved by having two categories. If you think it's stupid to hope to get a good seed in Minecraft, you can just only run the chosen seed categories, meanwhile if you think that sucks because it doesn't reward agile thinking you might prefer the random only categories. Both groups get to have fun.
A single random password simply isn't enough - Cloudflare deals in millions (actually many many more) of secure handshakes per second.
Each has to be secure with a unique unpredictable element.
One way (of many) is to use complex PRNGs - Pseudo Random Number Generators, but these can (theoretically) be sequence guessed and then are predictable (or at least have a greatly reduced "guess space").
A hybrid way is to regularly reseed a PRNG with a "truly random" starting point, milk that for a few hundred values, and then kick it again with a new random seed.
These particular pendulums have "simple" mechanics that are similar to the dynamic systems represented by Lorenz's Butterfly [1] (not exactly but with similar properties) and thus move in chaotic unpredictable ways (such as the timing between the last crossbar changing directions) - these can be "driven" (the base rocked | vibrated by a small motor) so they continuously move and yet the path through phase space is still unpredictable.
So, without knowing for certain whether this is what Cloudflare is doing here, that is one way in which many many truly random numbers can be generated to feed into secure handshakes; using unpredictable seeds to feed into twisted PRNGs.
Seemingly chaotic does not equal random. But unless someone figures out a way to make the chaotic seem no longer chaotic, it will be good enough for our purposes.
These circuits are really simple. Unless the NSA has backdoored solid-state physics it's no greater a risk than this approach. (The NSA very well could backdoor the camera you point at these pendulums).
Hmm, I had to check this and came across this thread on Reddit. NIST has a standard for it, but the exact point is that _that_ can be influenced by them.
Also, somewhere in the thread, they mention that it is probably too hard to verify how it is actually implemented in the hardware.
There are many algorithms where instead of transferring data using a computationally expensive (usually public key, like RSA) algorithm, the data is encrypted with a much faster (usually symmetrical, like AES) algorithm using a random key and then the key is transferred using the expensive algorithm.
If you can guess how the random key is generated, then you can decrypt the message without breaking either encryption algorithm. That's why it is important to have really unpredictable random data, and physical randomness is the best for that.
In practice, that wall of pendulums is unlikely to make a difference compared to the more mundane techniques used in most computers these days, that rely on some CSPRNG combined with various hard to predict system events (ex: interrupt timing), but it looks way cooler.
Fun fact, Hackernews itself was "hacked" by a user doing exactly this. A user realised they could successfully guess the key-space the server used to encrypt its user cookies. Had it had a greater source of random it wouldn't have been possible.
Amusingly, I had pointed out that HN was vulnerable to such an attack about a month before that user did it. And I was also involved in setting up Cloudflare's Lava Lamps.
Things can be more than one thing. Of course it is a PR piece.
But it is also a source of entropy that is hard to manipulate (if we ignore the cameras, image generation etc). And it is a good source, initiator for discussions about entropy, random numbers and why we need them to secure things. This thread on HN shows that it is so. And for 'normal' people probably even more.
I'm sure they have a lot of non-geeky visitors that look at the installation, read the sign and start asking questions. And if it was me, starting to jump in front of the installation, waving my arms - to provide my bit of entropy to the pool.
These are double pendulums, it's a famous chaotic system. Even with a video frame it would be impossible to predict more than a few seconds of the system.
I wish articles like this described the technique for what it is, that is a fun gimmick, or maybe even an art installation, rather than misleading the reader into thinking that this produces better randomness than any other common entropy source (there is no indication of that). It is misinformation that does not make the reading any more entertaining or informative.
"critical to the security of the global internet"? Really?
Since they mix it with other entropy sources, it really doesn't matter. At best, you have a cool marketing gimmick. At worst, the extra complexity from this art installation introduces some vulnerability in the future.
I smell security theater, and a red herring for dim adversaries.
OTOH...if I ran Cloudflare's PR Dept., and was responsible for keeping the internet's millions of self-styled experts (who generally know just enough to be really annoying) feeling both informed, and sure of Cloudflare's security virtues - then I'd probably be pushing for more of these setups. And for-sure one of 'em in any Cloudflare office where I or my people might be stuck giving interviews to journalists. Every second of an X-minute interview that was "wasted" by the reporter staring at the Sock Puppets of Randomness would be one happier second in the lives of me and my people...
Fun fact, HN itself was "hacked" due to bad random once (https://news.ycombinator.com/item?id=639976).