Walk into the lobby of one of the world’s largest cybersecurity firms, and you’ll be faced with a wall of 100 lava lamps. They bubble, change and morph in a hypnotic, brightly colored display straight out of the 1960s. They’re not just quirky tech company retro chic. That wall of amorphous wax is actively protecting your bank account.
Cloudflare is an Internet infrastructure company that provides security broadly 20% of all websitesWhich includes major platforms like Apple, X, Discord and Zoom. If you check your credit card balance, buy a pair of shoes online, or log into your retirement portal, your data probably flows through their network.
random logic
Encryption relies on incredibly complex mathematics. When you type in your banking password, an algorithm converts that information into an unreadable code before it is transmitted over the Internet.
To generate that code, the system needs a key. And for a key to be secure, it must be generated using truly random numbers. If a hacker can guess the sequence of numbers used to create your key, they can crack the encryption, read your data, and access your money.
This is where the technology hits a wall. Computers are completely logical machines. They follow the step-by-step instructions perfectly. They are completely predictable.
Because they are designed to be predictable, computers are inherently terrible at being random. If you ask a standard computer program to choose a random number, it uses a mathematical formula to generate one. Given enough time and computing power, a smart hacker could reverse-engineer that formula and predict the next number in the sequence.
History is full of security breaches caused by weak random number generators. To get true, unbreakable randomness – what security experts call entropy – you have to look outside the digital world and turn to the physical world.
liquid safety
The lava lamp is a chaotic system. As the heat source heats the wax, it rises, cools and falls in patterns that are never repeated the same way twice.
In his San Francisco office, Cloudflare places a video camera on this wall of lava lamps, filming them 24 hours a day. The camera captures the continuous, unpredictable changes in the shapes and colors of the wax.
The computer system takes that video feed and examines it frame by frame. It translates the specific colors and brightness of pixels into a continuous stream of random data. That stream is then fed into servers that generate encryption keys to protect your financial transactions.
It calls the system LavaRand. Cloudflare launched it in 2017, although the basic concept originally dates back to Silicon Graphics in 1997.
The sheer scale of the operation makes it foolproof. Even if a hacker managed to secretly place their camera in the lobby to record the lamps, they still wouldn’t be able to replicate the exact angle, lighting conditions, lens dust, and pixel translation used by the official camera. In other words, you can’t hack a lava lamp.
expansion of entropy
The quest for physical randomness doesn’t stop with wax and heat. The company has expanded this concept to its other offices around the world, using various sources of physical chaos to ensure that the system is never dependent on a single point of failure.
In London, it tracks the chaotic, swooping movements of the double pendulum. In Austin, it captures the changing patterns of transparent rainbow mobiles suspended from the ceiling. In Lisbon, it uses wave machines to generate unexpected fluid dynamics.
In San Francisco, people walking into these offices also play an important role. When employees, delivery drivers, or visitors pass by the lava lamps or stop to take selfies, their movement changes the light and reflections on the glass. Every shadow and reflection adds another layer of unpredictability to the video feed.
security you can’t code
We think of digital security as purely a software issue, which can be solved by typing stronger passwords, updating our apps, or setting up two-factor authentication.
But the foundation of Internet security rests on the messy, anarchic reality of the physical world. Your money is being protected from unpredictable swirls of hot wax, swinging metal and random footsteps of strangers in the lobby.
Even the best encryption can’t protect you if your data is already available. with NordProtectYour identity is monitored 24/7 – so if your personal data appears on the dark web, you’ll immediately know which accounts may have been compromised, and what you should do about it before it becomes a real problem.