TLDR

- Cloudflare’s lava lamp entropy wall is security theatre; modern stream ciphers like ChaCha20 need only 256 bits to encrypt unlimited traffic.

Key Takeaways

- Randomness is a property of an observer’s knowledge, not of the thing itself; this distinction determines whether encryption schemes actually work.
- One-time pads are information-theoretically secure but require key bits equal to message bits, making them impractical at Cloudflare’s scale.
- ChaCha20 and AES-256-CTR derive unlimited pseudorandom streams from a 256-bit seed, making lava lamp entropy sources irrelevant for encryption.
- Fast key erasure (generate 512 bytes, overwrite the seed with the first 32, output the remaining 480) limits the blast radius if a local key leaks.
- Critical pitfalls: never duplicate a CSPRNG buffer, never reuse a one-time pad key, and avoid stream ciphers built on block sizes under 128 bits.

Hacker News Comment Review

- No substantive HN discussion yet.
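The fast-key-erasure takeaway, as an added example that is not from the original article or from Cloudflare: a from-scratch RFC 8439 ChaCha20 block function (with a known-answer self-test against the RFC's section 2.3.2 vector) driving a generator that expands a 32-byte seed into 512 bytes, overwrites the key with the first 32, and hands out the other 480. The class name and method names are this example's own choices.

```python
import struct
MASK = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _qr(s, a, b, c, d):  # RFC 8439 quarter round, in place on the 16-word state
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """RFC 8439 block function: 32-byte key, 32-bit counter, 12-byte nonce -> 64 keystream bytes."""
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key) + (counter,) + struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((w[i] + state[i]) & MASK for i in range(16)))

def rfc8439_selftest() -> bool:  # known-answer check, RFC 8439 section 2.3.2 test vector
    out = chacha20_block(bytes(range(32)), 1, bytes.fromhex("000000090000004a00000000"))
    return out[:16] == bytes.fromhex("10f1e7e4d13b5915500fdd1fa32071c4")

class FastKeyErasureRNG:
    """Each refill expands the 32-byte key into 512 bytes of ChaCha20 keystream,
    overwrites the key with the first 32 bytes and serves the remaining 480."""
    NONCE = bytes(12)  # a fixed nonce is safe here because the key never repeats

    def __init__(self, seed: bytes):
        if len(seed) != 32:
            raise ValueError("seed must be 32 bytes (256 bits)")
        self._key = bytearray(seed)
        self._pool = b""

    def _refill(self) -> None:
        stream = b"".join(chacha20_block(bytes(self._key), i, self.NONCE) for i in range(8))
        self._key[:] = stream[:32]  # old key is gone before any output leaves
        self._pool = stream[32:]    # 480 bytes available to callers

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if not self._pool:
                self._refill()
            chunk = self._pool[:n - len(out)]
            self._pool = self._pool[len(chunk):]
            out += chunk
        return bytes(out)
```

Python cannot promise the old key is physically gone (the immutable `bytes` copies linger until garbage collection), so a production version in C would zero the buffer in place; the property being demonstrated is that whoever later obtains the current key can reproduce future output but not the bytes already handed out.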