Lavarand

Lavarand is a hardware random number generator designed and trademarked by Silicon Graphics (SGI) in 1996.^[1][2] The system operates by digitizing the chaotic patterns of warm wax blobs oozing inside an array of lava lamps. This data is then processed with a cryptographic hash function to produce a high-quality seed for a cryptographically-secure pseudorandom number generator (CSPRNG).^[1]

The Wall of Entropy is a wall of lava lamps at the San Francisco headquarters of Cloudflare, which was inspired by Lavarand.

From 1997 to 2001, SGI ran a website that demonstrated the technology.^[2][3] Its visually distinct method made it a frequently cited example of entropy sourcing.^[2]

The concept was later revived and popularized by Cloudflare, which uses a wall of lava lamps in its office lobby as one component of its entropy-gathering system, the Wall of Entropy.^[4][5]

History

SGI's invention of Lavarand was a direct response to a significant security crisis in the mid-1990s as the Internet was transitioning into a commercial platform.^[6] The security of the new Secure Sockets Layer (SSL) protocol depended on high-quality random numbers for generating session keys. In 1995, computer scientist Phillip Hallam-Baker discovered that the implementation of SSL in Netscape Navigator, the era's dominant web browser, used a predictable method for seeding its pseudorandom number generator.^[6] The seed was derived from the time of day, the process ID, and the parent process ID.^[6] An attacker could potentially guess these values, predict the seed, and compromise a secure session. This vulnerability highlighted the critical need for accessible and unpredictable sources of entropy to seed cryptographic systems.^[6]

Lavarand was SGI's solution, invented and patented in 1996, the year after the Netscape vulnerability was exposed,^[1][2] by mathematician and cryptologist Landon Curt Noll, software engineer Robert G. Mende, and Sanjeev Sisodiya.^[2][1] Noll was already known for his work on large prime numbers and for co-creating the Fowler-Noll-Vo (FNV) hash function.^[7][8]

The system's hardware comprises an SGI O2 workstation, known for its multimedia capabilities; a proprietary SGI O2cam with a 512 × 480 pixel CCD sensor for image capture; and an array of six Lava Lite lamps as the chaotic source.^[9][10][1] The process begins with the O2cam capturing a digital photograph of the lamps. This raw 921,600-byte image file, containing both the visual chaos of the wax and electronic noise from the camera's sensor, is then processed using the SHA-1 hash algorithm to extract its unpredictability.^[1][11] The hashing step produces a 140-byte hash output that is then used to seed a CSPRNG. The patent specifies the Blum Blum Shub generator as a preferred choice for the final stage, which can then produce a rapid stream of random numbers.^[1] The complete method was documented in U.S. patent 5,732,138. The patent's claims are not limited to lava lamps but cover any chaotic system used in a similar manner, and its expiration allowed companies like Cloudflare to use the underlying concept without license.^[2][1]

Legacy

Landon Curt Noll later collaborated with Simon Cooper to develop LavaRnd, an open-source successor designed to be more accessible and efficient.^[9] LavaRnd differs from the original SGI system in several key areas. It replaces the visual entropy source of six lava lamps with the electronic thermal noise from a lens-capped webcam CCD.^[12] A significant change is in its output; the SGI system produces a 140-byte seed for an external generator, but LavaRnd was designed to directly output a continuous stream of cryptographically sound random numbers. This redesign led to a major performance increase, from the SGI system's approximate 8,000 bits per second for seed generation to between 77,000 and 206,000 bits per second of random data from LavaRnd on a commodity PC of the era. The hardware requirements are democratized, moving from a specialized SGI O2 workstation to a standard PC and a low-cost webcam. Finally, the legal status changed from the proprietary SGI system covered by a U.S. Patent to LavaRnd's algorithm being placed entirely in the public domain.^[9]

In 2017, the web infrastructure company Cloudflare launched its own entropy-gathering system, directly inspired by SGI's work.^[5] The installation is located in the lobby of its San Francisco headquarters, with a wall of around 100 lava lamps that are continuously monitored by a camera. This system is a public and visually striking symbol of the company's commitment to Internet security.^[13]

Unlike the 1990s system, Cloudflare's Lavarand is not the primary source of entropy for its servers, because modern CPUs include their own high-speed hardware random number generators such as RDRAND. Instead, the data from the lava lamps is a secondary, independent source. The random data is made available to Cloudflare's global servers, which incorporate it into their local entropy pools to protect against any potential systemic flaws in the primary CPU-based generators.^[14] Cloudflare has since expanded this concept into a global network of entropy sources, branded as the Wall of Entropy, to diversify its randomness inputs. Other installations include a wall of chaotic double pendulums in its London office and a Geiger counter measuring the radioactive decay of a uranium pellet in its Singapore office.^[5][15]