Cloudflare: The Security Secret Behind 100 Lava Lamps

It’s fascinating when security relies on simple and robust ideas. This is the case with Cloudflare, which uses a “wall” with 100 lava lamps and a camera to capture randomness from the physical world and strengthen SSL/TLS encryption. The key: transforming unpredictable images into high-quality entropy to generate cryptographic keys that are truly difficult to guess.

Cloudflare provides CDNs (Content Delivery Networks) so that the data we access reaches our devices as quickly as possible, and also offers internet security services to companies and individuals. It is estimated that 16% of all global internet traffic passes through its infrastructure.

What is entropy?

  • Entropy is a measure of unpredictability. The more entropy a key has, the harder it is to guess or reconstruct.
  • Computers are deterministic: with the same input, they always produce the same output. Therefore, on their own, they do not generate strong “randomness.”
  • To protect HTTPS sessions and data, systems use CSPRNGs (cryptographically secure pseudo-random number generators) that need unpredictable seeds. That’s where physical entropy comes in.

How the wall of lava lamps works

  1. Physical capture of chaos
    A wall with 100 lava lamps is in the lobby of the headquarters. A camera takes pictures at regular intervals. The shapes, colors, and movements of the “flow” are chaotic and unrepeatable.
  2. Digitization and mixing
    Each image contains millions of pixels with numerical values. This data is converted into random bits and combined (mixed) with other sources of entropy from the operating system to reinforce unpredictability.
  3. CSPRNG seeding
    The resulting entropy feeds CSPRNGs that derive cryptographic material: session keys, nonces, and other critical values in the establishment of secure connections.
  4. Resilience and diversity
    If someone passes in front of the camera or changes the lighting, it does not “break” the system: it adds more entropy. In addition, there are alternative physical sources in other offices (for example, chaotic systems such as double pendulums or controlled physical measurements) to avoid dependence on a single mechanism.

[Image: Cloudflare offices in San Francisco.]
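
The four steps above can be sketched in a few lines. This is an added example, not Cloudflare's code: the page does not say which mixing function Cloudflare uses, so the sketch assumes an HKDF-style extract-and-expand built on HMAC-SHA-256, and the function names and the synthetic frame are hypothetical.

```python
import hashlib
import hmac
import os

def condense(frame: bytes) -> bytes:
    """Step 2: reduce raw pixel bytes to a fixed 32-byte digest."""
    return hashlib.sha256(b"camera-frame" + frame).digest()

def mix(frame: bytes, os_entropy: bytes) -> bytes:
    """Step 2: combine the frame digest with OS entropy (HKDF-Extract shape).

    Modelling HMAC-SHA-256 as a randomness extractor, the seed stays
    unpredictable as long as at least one of the two inputs is.
    """
    return hmac.new(os_entropy, condense(frame), hashlib.sha256).digest()

def expand(seed: bytes, length: int, info: bytes) -> bytes:
    """Step 3: derive `length` bytes from the seed (HKDF-Expand, RFC 5869)."""
    if length > 255 * 32:
        raise ValueError("HKDF-Expand with SHA-256 is limited to 8160 bytes")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(seed, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def constructed_frame(width: int = 64, height: int = 48) -> bytearray:
    """Constructed stand-in for a camera image: one grayscale byte per pixel."""
    return bytearray((x * 7 + y * 13) % 256 for y in range(height) for x in range(width))

def demo() -> dict:
    frame = constructed_frame()
    disturbed = bytearray(frame)
    disturbed[1000] ^= 0x01  # step 4: a single pixel changes (someone walks past)
    fixed_os = bytes(32)     # worst case: the OS input is fully known
    return {
        "one_pixel_changes_seed": mix(bytes(frame), fixed_os) != mix(bytes(disturbed), fixed_os),
        "known_frame_still_fresh": mix(bytes(frame), os.urandom(32)) != mix(bytes(frame), os.urandom(32)),
        "session_key": expand(mix(bytes(frame), os.urandom(32)), 32, b"session key").hex(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two results show why a hybrid design is resilient: a one-pixel change alters the whole seed, and a fully known image still yields fresh seeds as long as the OS source is healthy.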

What is it used for?

  • Establishment of secure SSL/TLS connections (HTTPS): ephemeral session keys, handshakes, and values that require robust randomness.
  • General strengthening of the key ecosystem: more entropy means a lower probability of predictable patterns and of successful prediction attacks.

What it means for a company:

  • Less cryptographic risk: better seeds → stronger keys → lower probability of prediction or reuse attacks.
  • Reinforced compliance: practices aligned with security standards increase audit and customer confidence.
  • Scalability: hybrid models (physical + OS) ensure sufficient “random fuel” even with peak key demand.

The best security is the one that is executed. At InnoIT, we put it into action with you. Shall we talk?

AUTHOR
Luis

Brand, Marketing & Events manager