Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×

Search

Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

How Lava Lamps Help Protect Your Data

They're at the heart of a groovy encryption method


spinner image lava lamps
A San Francisco cybersecurity firm uses lava lamps to strengthen encryption efforts.
Dani Grant/Cloudflare

Ah, the lava lamp: icon of hippie coolness, setter of moods, instant nostalgia generator. Also, a warrior in the battle to protect your digital data. What?!

It’s true. A wall of 100 lava lamps, located in the lobby of the San Francisco headquarters for internet service and security company Cloudflare, is part of a Rube Goldberg–like method to securely encrypt data. And it's a lot of data: Cloudflare says it handles more than 10 percent of all http and https traffic (the most common types of web page requests) on the internet. Its customers include some of the world's biggest digital-commerce giants.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

Join Now

spinner image  Lava Lamps
Video of the lamps is fed to a computer and converted into data, which is then used to generate random numbers that serve as the basis for encryption.
Dani Grant/Cloudflare

Cloudflare calls its invention the Entropy Wall and uses it as a backup to more traditional encryption methods. You can see it in action in this YouTube video.

The wall is, well, a groovy way of addressing a surprisingly difficult tech question: How do you create a truly random number?

Those numbers are vital to the process of securely encrypting data, but generating them by computer creates a potential problem. Computers “can execute the same code a million times, and so long as they are given the same inputs each time, they’ll always come up with the same outputs,” Joshua Liebow-Feeser, a security engineer at Cloudflare, writes in a company blog post. In other words, it’s at least theoretically conceivable that a computer-generated random number can be predicted and the encryption can be broken.

But the 100 lava lamps scramble that digital thinking. The flow of the “lava” (actually a wax compound) in those lamps can potentially be affected by all sorts of factors — variances in room temperature, vibration from a nearby copy machine, someone touching a lamp, light bulbs in the bases that run hotter or colder than usual, or pretty much anything that can make the lava move. That throws a chunk of random real-world chaos into this digital process.

All of this is made digital by pointing a camera at the lamps and sending the feed into a computer. That feed is converted into data, which are then used to generate random numbers that serve as the basis for encryption.

Engineers at the company call the system LavaRand and point out that it’s not an original idea. Computer and software manufacturer Silicon Graphics proposed and patented the system in 1996, but that patent has expired.

“Hopefully, the primary sources of randomness used by our production servers will remain secure, and LavaRand will serve little purpose beyond adding some flair to our office,” Liebow-Feeser says in the blog post. “But if it turns out that we’re wrong, and that our randomness sources in production are actually flawed, then LavaRand will be our hedge, making it just a little bit harder to hack Cloudflare.”

So the next time you fire up your lava lamp, remember, it's a vital security tool.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?