Do Cloudflareʼs Lava Lamps Actually Do Anything?
Cloudflare's lava lamps
Right now, you're reading bytes that traveled through Cloudflare's infrastructure, encrypted with keys that may have been seeded by a wall of lava lamps featured in their San Francisco office.
Photo by HaeB, CC BY-SA 4.0, via Wikimedia Commons
That's LavaRand, the implementation of a TRNG (True Random Number Generator) relying on the physically chaotic patterns of warm wax moving inside a lava lamp to generate truly random bits. Those bits contribute to secure TLS communications between clients and Cloudflare servers.
The idea is simple and elegant: take a picture of a wall of lava lamps, then extract truly random bits from this very good source of physical entropy. Each picture is hashed (e.g., with SHA-2 or SHA-3) to condense the input's physical entropy, which far exceeds the size of any hash digest. The digest is not used as is: it seeds a proper cryptographically secure pseudorandom number generator (CSPRNG), which then produces high-quality random bit streams at CPU speed until the next reseed.
Of course, the raw pixel data must be used, not a compressed format like JPEG, which discards information (reducing the available entropy) and adds deterministic compression artifacts.
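The pipeline above, as an added Python example that is not Cloudflare's code: a constructed stand-in for a raw frame is hashed with SHA-256, the digest seeds a minimal HMAC_DRBG (the construction from NIST SP 800-90A), and every later frame reseeds it. The `constructed_raw_frame` helper and the frame size are assumptions for the demo, not real sensor data.

```python
import hashlib
import hmac
import random

class HmacDrbg:
    """Minimal HMAC_DRBG (NIST SP 800-90A) over SHA-256, no personalization string."""
    def __init__(self, seed: bytes) -> None:
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def _update(self, data: bytes) -> None:
        self.k = self._hmac(self.v + b"\x00" + data)
        self.v = self._hmac(self.v)
        if data:
            self.k = self._hmac(self.v + b"\x01" + data)
            self.v = self._hmac(self.v)

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(b"")  # refresh state after each output (back-tracking resistance)
        return out[:n]

def seed_from_raw_frame(raw_pixels: bytes) -> bytes:
    # Hash the whole raw frame (megabytes of uncompressed sensor data, never a JPEG)
    # down to a 32-byte seed; the frame holds far more entropy than the digest can carry.
    return hashlib.sha256(raw_pixels).digest()

def constructed_raw_frame(frame_id: int, n_bytes: int = 4096) -> bytes:
    # Constructed stand-in for one raw camera frame (assumption: not real sensor data),
    # deterministic per frame_id so the example is reproducible.
    return random.Random(frame_id).randbytes(n_bytes)

def lavarand_pipeline(frames: list, n_out: int = 32) -> list:
    # Seed the CSPRNG from the first frame, then reseed it from every following frame.
    drbg = HmacDrbg(seed_from_raw_frame(frames[0]))
    outputs = [drbg.generate(n_out)]
    for frame in frames[1:]:
        drbg.reseed(seed_from_raw_frame(frame))
        outputs.append(drbg.generate(n_out))
    return outputs
```

`lavarand_pipeline([constructed_raw_frame(i) for i in range(3)])` returns three 32-byte outputs, one per frame; in a real deployment the DRBG would be asked for many more bytes between reseeds.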
Cloudflare didn't invent it (Silicon Graphics did), but it implemented a modernized version and put it into production at scale.
Where entropy comes from
LavaRand uses a camera to capture and digitize the state of the wall at a given time. It turns out the camera sensor itself is already a source of entropy, so: do the lava lamps actually do anything?
Nowadays, every commodity camera uses a CMOS sensor. The original LavaRand implementation used a CCD sensor, which was more common at the time, but anything contemporary, including what Cloudflare certainly uses, is based on CMOS.
A CMOS sensor is already an excellent entropy source on its own, due to unavoidable physical phenomena (and the same actually holds for older CCD sensors).
- Readout noise: Every analog amplifier introduces noise during the readout process. This is inherent to electronics. Some components of read noise (fixed-pattern noise) can be consistent across shots, but temporal read noise varies randomly.
- Shot noise: Photons arrive according to Poisson statistics. The number of photons hitting each pixel varies randomly, even under identical lighting. This is a quantum mechanical phenomenon and cannot be eliminated. Even with perfect electronics, the randomness in photon arrival times is fundamental.
- Dark current: Randomly generated electrons accumulate even in the absence of light, varying randomly across pixels. This is "real" randomness.
- Thermal noise: Random motion of electrons in the sensor electronics due to heat. This is Johnson-Nyquist noise.
These noise sources are guaranteed by the laws of thermodynamics and quantum mechanics. A camera pointed at a blank wall, a static photograph, or indeed anything at all would generate substantial entropy from sensor noise alone. The subject being photographed is largely irrelevant to the entropy output.
There's a subtlety with color sensors: the Bayer filter creates a repeating pattern across pixels, which could introduce periodicity. However, the noise in each pixel is still independent and random. Any such periodicity should be practically negligible, especially after cryptographic hashing.
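An added simulation (not Cloudflare's code) of the "camera pointed at a blank wall" claim above. The sensor model is an assumption: a 12-bit ADC, a uniformly lit scene, Gaussian-approximated shot noise and dark current, Gaussian temporal read noise, and a per-pixel fixed-pattern offset that repeats in every frame; the numbers are constructed, not measured from any camera. It reports how many pixels change between two frames of the same static scene, the per-pixel entropy of the value distribution, and the min-entropy of the least-significant bit.

```python
import math
import random
from collections import Counter

# Constructed sensor model (an assumption, not measured from any real camera):
# 12-bit ADC, blank wall at ~1000 electrons/pixel, shot noise approximated as
# Gaussian with sigma = sqrt(electrons), Gaussian temporal read noise, a small
# dark current, and a per-pixel fixed-pattern offset that is identical every frame.
ADC_MAX = 4095

def simulate_frame(rng, fixed_pattern, signal=1000.0, read_sigma=2.0, dark=5.0):
    frame = []
    for offset in fixed_pattern:
        electrons = signal + dark
        shot = rng.gauss(0.0, math.sqrt(electrons))  # photon shot + dark-current noise, new each frame
        read = rng.gauss(0.0, read_sigma)            # temporal readout / Johnson-Nyquist noise
        value = int(round(electrons + offset + shot + read))
        frame.append(min(ADC_MAX, max(0, value)))   # clamp to the ADC range
    return frame

def changed_fraction(frame_a, frame_b):
    # Share of pixels whose value differs between two frames of the same static scene.
    return sum(1 for a, b in zip(frame_a, frame_b) if a != b) / len(frame_a)

def shannon_entropy_bits(frame):
    # Plug-in Shannon entropy of the pixel-value distribution, in bits per pixel.
    n = len(frame)
    return -sum(c / n * math.log2(c / n) for c in Counter(frame).values())

def lsb_min_entropy(frame):
    # Min-entropy of the least-significant bit: -log2(max(p0, p1)); 1.0 is ideal.
    p_one = sum(v & 1 for v in frame) / len(frame)
    return -math.log2(max(p_one, 1.0 - p_one))

def blank_wall_stats(seed=7, n_pixels=20000):
    rng = random.Random(seed)
    fixed_pattern = [rng.gauss(0.0, 3.0) for _ in range(n_pixels)]  # same in both frames
    first = simulate_frame(rng, fixed_pattern)
    second = simulate_frame(rng, fixed_pattern)
    return {
        "changed_fraction": changed_fraction(first, second),
        "shannon_bits_per_pixel": shannon_entropy_bits(first),
        "lsb_min_entropy_bits": lsb_min_entropy(first),
    }

if __name__ == "__main__":
    for name, value in blank_wall_stats().items():
        print(f"{name}: {value:.3f}")
```

With these assumed parameters, roughly 99% of pixels change between two frames of an unchanging scene, the value distribution carries about 7 bits per pixel, and the LSB is essentially unbiased: the scene contributes nothing to those numbers, only the temporal noise does.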
The threat model of LavaRand
The question isn't whether lava lamps add entropy, it's whether they add entropy that matters under a given threat model.
The sensor as single point of trust
Cloudflare specifies a threat model for their entropy mixing system, but doesn't address why lava lamps specifically are necessary versus relying on sensor noise alone. The camera sensor is the single point through which all information flows. This leads to a critical observation: if the sensor is honest and uncompromised, it already provides abundant entropy regardless of what it observes; if the sensor is compromised or modeled by an attacker, the lava lamps provide no additional protection, since the attacker's predicted output will match regardless of the scene.
The noise sources described above are fundamental and unavoidable, even with very high-end CMOS sensors. If you don't trust your sensor, pointing it at something chaotic doesn't solve the problem.
Intentionally biased sensor and supply-chain attacks
There are, however, intermediate threat models, such as those involving supply-chain attacks: a compromised sensor with subtly biased noise characteristics, i.e., an attacker who can predict the sensor's noise characteristics but not the physical scene. Lava lamps would add unpredictability here, as a defense-in-depth measure.
But LavaRand is essentially a quirky repurposing of consumer hardware that is not designed for security purposes. Such an attack would require compromising commodity components at massive scale. Supply-chain attacks are plausible for targeted hardware such as CPUs (some suspect this applies to RDRAND/RDSEED) or for high-value targets that are explicitly security devices, such as HSMs or TPMs. CMOS sensors are not designed or marketed as security devices, and have no standard role in typical cryptographic infrastructure.
So why the lava lamps?
Some people snarkily dismissed it as "security theater" or a "marketing stunt". Well, of course it's a very cute idea and people will talk about it: it's partly marketing.
One could argue the lava lamps represent defense in depth. But as discussed, this requires implausible threat models targeting commodity hardware.
The lava lamps make for a good story, excellent marketing, and memorable office tours, but they're not essential to the entropy generation. This isn't to say Cloudflare is being dishonest: they use multiple entropy sources and know their stuff. In their technical article, they explicitly acknowledge that sensor noise contributes entropy, and they make it clear that LavaRand is just one entropy source among others, which is good practice anyway.
Cloudflare doesn't rely solely on San Francisco's lava lamps. Their offices worldwide contribute independent entropy sources: double pendulums in London, radioactive decay measurements in Singapore, air-current-driven mobiles in Austin, and as of March 2025, a wall of 50 wave machines in Lisbon (my favorite).
Further reading
- "The Collector": A Gigabit True Random Number Generator Using Image Sensor Noise [PDF 330KB]. Demonstrates that CMOS sensor noise alone, captured from "black pictures" with the lens cap on, produces cryptographic-quality random numbers passing all Dieharder tests, without requiring any visual entropy source.
- Portable true random number generator for personal encryption application based on smartphone camera. Proposes a TRNG using smartphone camera shot noise under controlled illumination, noting that dark noise alone can show partially predictable patterns and proposing ways to alleviate them.
- Practical True Random Number Generator Using CMOS Image Sensor Dark Noise. Demonstrates that sensor dark noise alone (no light source needed) passes the NIST SP 800-90B randomness tests.