• NOT_RICK@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        2 months ago

        To collect this data, Cloudflare has arranged about 100 lava lamps on one of the walls in the lobby of the Cloudflare headquarters and mounted a camera pointing at the lamps. The camera takes photos of the lamps at regular intervals and sends the images to Cloudflare servers. All digital images are really stored by computers as a series of numbers, with each pixel having its own numerical value, and so each image becomes a string of totally random numbers that the Cloudflare servers can then use as a starting point for creating secure encryption keys.

        • RattlerSix@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          2 months ago

          I’m sure they’re smarter than me but my novice cryptographer brain doesn’t understand this.

          Isn’t the string of numbers representing each pixel rather limited Aren’t all those sections of the image that have lava lamps limited to values somewhere in the reddish/blueish spectrum? Isn’t the gray background very non-random?

          Apparently the camera is accessible in the lobby. They say people walking in front of the camera adds randomness. If I go there and hold a photo in front of the camera which I know the values of, doesn’t that compromise everything?

          To be fair their site says they take the lava lamp output and combine it with entropy from two servers and probably do a lot of other stuff before actually getting random numbers. But I don’t get how the lava lamps photo setup is even close to being random

          tried and failed to add image, so here a link: https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/

          • barsquid@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            2 months ago

            If you hash the image with a strong algo, even a single different pixel should end up in a wildly different result.

            • RattlerSix@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              But different doesn’t mean random. An attacker could test every possibility for that pixel rather quickly. Even faster if you know a bunch of the pixels are, for example, a shade of gray.

              I found an explanation where they bring up the issues I brought up as well as some others.

              https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/

              They give an example with one red value for a single pixel. They don’t address my point that there are a lot of pixels like that one, maybe not all would be 50/50 like their example but a lot of pixels would have a much narrower range of values than randomness.

              But they answer my second point about a hacker putting something in front of the camera with known values and that answer sort of takes care of everything. It boils down to, it doesn’t matter because the lava lamp wall output is mixed with other sources that an attacker doesn’t have access to.

  • owenfromcanada@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    ·
    2 months ago

    Math! Also, noise!

    There are algorithms (a set of math steps) that make pseudo-random numbers. These usually involve large prime numbers, because those usually generate fewer repeating patterns.

    A truly random number generator is similar to rolling dice: you use some source of randomness and convert it to a number. All electric circuits produce “noise” (which is often received radio waves and such that interfere with the circuits). Think of tuning a radio to a channel with nothing on it–you get “white noise”, which can be a good source of random information. Then all you need to do is convert that to a range of numbers, and you’re good to go.

    These are fairly simplified explanations, so take them with a grain of salt, but they give the general idea.

  • Smokeydope@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    2 months ago

    Psudo random numbers come from a special set of mathematical equations which act as the basis for natural processes. These are known as nonlinear dynamic equations.

    Their outputs feed back into their inputs. They show areas of high initial sensitivity where any tiny change in input totally changes the output over time. Finally, they often show areas of different cycling behavior. The branch of math which studies them is holomorphic dynamics.

    The psudo-randomness of slightly different seed values generating wildly different outputs has to do sensitivity to initial conditions. This is a property of the paramater space structures in which those random number sequences cycles through. The ‘path’ of numbers that will be cycled through is determined by starting position and the geometric topology in the complex plane which the equation generates.

    By graphing and iterating psudo random equations in the conplex plane, it generates infinitely complex geometric structures called julia sets which govern how algebraic numbers cycle through pseudorandom walks depending on initial seed values and equation used. These julia sets often are fractals with infinite complexity at its borders at all scales of precision.

    Julia sets have a “stuff goes everywhere” property which is the the real magic of where sensitivity to initial conditions comes from. But now were getting deep into the weeds of math nerd territory.

    Simply put, you put a random number in and it spits a more-or-less random number out, thanks to wierd properties that the higher dimensional fractal hyper structures generated by the equation in the complex plane have. Those lower dimensional random number cycles are embedded into the julia set structurally.

    A big issue with psudo randoms is they will always give the same series numbers if you begin the equation with the same computationally finite seed values. You could the generated sequence of numbers to work back and find the seed values and equation used to generate them. This is a serious security concern when using them for cryptography. The amount of computational work it takes to work back is massive but its doable with modern quantum super computers.

    The mechanics of pseudo random numbers comes from statistical combinatorics, nonlinear algebra,fractals, chaos theory, and sensitivity to initial conditions.

    True random numbers come from directly measuring physical phenomenon with sufficient randomness in their mechanics.

    Things like the decay of a radioactive isotope or lava lamp turbulence have built in randomness. There is no seed or way to generate the same sequence of motions or predicting when isotopes decay.

    Turbulance for example has fractal properties in its energy distribution as well as random brownian motion adding up on the atomic scale. Radioactive half life has uncertainty principal built into it. These universal operations have true uncalculatable randomness thanks to entropy, the uncertainty principle, fractals, brownian motion, chaos theory, and sensitivitiy to initial conditions.

    The physical universe is the most powerful computer there will ever be. It calculates with infinite decimal precision in its mixed mathematical, statistical, and physical operations. It uses real trancendental like pi numbers with infinite non-repeating decimals, and does its calculations at the speed of causality/light.

    Our best super computers will never be infinitely powerful. Our numbers need to be finite and computable to work with them and understand them. The universe could not care less if its values are finitely computable or usable for human work.

    So theres fundamental limits to how random we can get through artificial computer algorithm generation using computable numbers. True randomness through physical processes leverages the universes in built infinite precision and mechanical algorithms as a black box and just measures the output result.

  • SzethFriendOfNimi@lemmy.world
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    2 months ago

    I see a lot of good answers here but let’s try it from another angle.

    How do we get randomness from a function or formula?

    For starters let’s setup a few simple rules.

    Every time our random function is called we’ll

    • Take the last output from a variable we call LAST_RESULT
    • If there’s no value in LAST_RESULT we’ll assume the value is 1
    • We run a set of calculations storing the value in a variable we call X
    • We store the result of these calculations in LAST_RESULT
    • We return this new “random” number.

    So let’s call it.

    > Random()
    Since LAST_RESULT is undefined SET LAST_RESULT to the value of 1
    Set X to the result of this calculation 
       (LAST_RESULT+1) * 3
    

    X is now 6

    Set X to the result of this calculation
       (X + 7) / 2
    

    X is now 7

    Set X to the result of this calculation (rounding to the nearest whole number)
       X/LAST_RESULT
    

    X is now 7

    Set LAST_RESULT to the value of X
    

    LAST_RESULT is now 7

    Return the value of X as the result 
    

    Result is 7

    Ok. So let’s call it again

     > Random()
    Set X to the result of this calculation 
       (LAST_RESULT+1) * 3
    

    X is now 24

    Set X to the result of this calculation
       (X + 7) / 2
    

    X is now 16

    Set X to the result of this calculation (rounding to the nearest whole number)
       X/LAST_RESULT
    

    X is now 2

    Set LAST_RESULT to the value of X
    

    LAST_RESULT is now 2

    Return the value of X as the result
    

    Result is 2

    And if we call it again we get seemingly random results

    Random() Result is 4

    Random() Result is 3

    But the next time you run it you’ll get the same results in the same order. 7, then 2 then 4 then 3

    So what you need is something to “seed” the random number calculation.

    Something like

    SetRandomSeed Set LAST_RESULT to the current second of the day

    Then when you call Random after this it starts with that as the prior results and gives seemingly random results.

    Of course my calculations are rough and probably fail/repeat after so many calls but it gives you an idea of how this works.

    So the trick is to get noise for the seed. That could be the number of non leap seconds since 00:00:00 UTC on Thursday, 1 January 1970 (Unix epoch)

    Or the temperature reading of a CPU chip.

    Maybe it’s the ratio of red vs yellow from a camera feed looking at lava lamps.

    Or the current users average typing speed.

    An additional note. Many of those would not be “cryptographically” secure for encryption because they can easily be determined by a third party. We all experience the same “Unix epoch” within a few milliseconds if our system clocks are properly set for example. Or monitored from afar and reproduced (hacked webcam shows they had just typed the following letters in the previous 27 seconds that we know the “algorithm” uses, etc.

  • yesman@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    2 months ago

    You can use physical objects like dice or lava lamps that will naturally form random distribution when we check. But Newton and others would argue that even this was a determinant problem and if you had perfect knowledge of the dice and a good physics theory, you could predict the outcome.

    We can only recognize randomness by the patterns it leaves behind.

    The philosophical truth is that we don’t know if “randomness” is an actual phenomena or just a bucket where we put outcomes we haven’t learned to predict yet. A sort of randomness of the gap. Some have suggested that as a pattern-recognizing machine, the human mind simply can’t conceive randomness. Even the way “randomness” is verified is by looking at the distribution in the outcome and see if it matches the pattern we expect.

    • model_tar_gz@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 months ago

      The notion that our universe is perfectly causal to the point that you can predict exactly when and where that specific atom will decay is pretty much bunked at this point. Not that living in a probabilistic, quantum physics universe is any fucking easier to comprehend but them’s be the cards we were dealt.

  • Zak@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    2 months ago

    PRNGs aren’t random at all; they produce a deterministic sequence of numbers based on a seed value and an internal counter. Two PRNGs using the same algorithm and seed will produce the same sequence of numbers. The sequence is difficult to predict without knowing the algorithm and seed, and the values are close to evenly-distributed, which is enough like random numbers for a lot of use cases.

    Here’s an example in Ruby:

    seed = Random.new_seed()
    => 142757148148443078663499575299582907518
    prng_1 = Random.new(seed=seed)
    prng_1.rand()
    => 0.6702742156250219
    prng_2 = Random.new(seed=seed)
    prng_2.rand()
    => 0.6702742156250219
    prng_1.rand()
    => 0.9667236181962573
    prng_2.rand()
    => 0.9667236181962573
    

    If you run this yourself using 142757148148443078663499575299582907518 as the seed, your first two pseudorandom numbers will also be 0.6702742156250219 and 0.9667236181962573, assuming your version of Ruby hasn’t changed its PRNG.

  • InverseParallax@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 months ago

    Mathematically? True random numbers cannot be.

    Electronically?

    Either listening to environmental noise (human input, but mostly these things called ring oscillators that are basically chains of not gates and the initial state combined with noise, temperature and process variation).

    The real magic is taking some noise source and hiding most of it (think modulo operation or similar) so people see large variations without being able to sample enough of it to find patterns, ie if the source is thermal variance, it might have a sine wave effect but you take the lowest significant bits only, and hide the biggest bits so they can’t easily model the pattern.

    There’s more, lot of finite field math and transforms, whitening functions, etc.

    • vxx@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      I once read that pokerstars uses the cosmic background noise to shuffle cards (sorting cards might be a more apparent term here.