[Cryptography] Lava Lamps Can Actually Create Secure File Encryptions - Here's How
Jon Callas
jon at callas.org
Wed Mar 4 19:48:35 EST 2026
> On Mar 4, 2026, at 15:35, Kent Borg <kentborg at borg.org> wrote:
>
> Be careful with your cameras, they can't be trusted to just take a picture these days, who knows what post-processing you will get this week. Given what cameras optimize for (what people can see and like to see), lava lamps seem a better target than black, the lava lamp gyrations seem likely to make it through to the other side as entropy.
> Random number generators can fail in so many silent ways.
>
> -kb, the Kent who suggests being careful with sound, too, as codecs can sneak in and silence what they perceive to be silence.
>
> P.S. iPhones have a setting that discourages the camera from too much tampering, I think it is named something about taking pictures more quickly. Though who knows what it will be and what it will do next week, and what I heard has to be at least a week old by now.
>
I'll write something more detailed in a bit, but I wanted to get something in quickly.
You're right that one needs to be careful; my argument is that it's less than you think.
You assumed "codec" for example, and the script that Byrl Raze Buckbriar gave us is pulling hiss directly from the audio subsystem and doing some massaging to it. (I also think they are overthinking this just a little. Later, though.) It's raw audio. You only need enough to properly feed your RNG, and that's in the range 128 to 1024 bits. It's not much, really. There's no codec there, and even if there were, just take more samples as codecs have noise in them.
With an image, obviously a RAW (or DNG, which is just a standardized file format) is better on some level than a JPEG. However, we can also consider a JPEG to just be a transform that chunks an 8x8 pixel chunk into some cosine data, and so the worst looseness is that it reduces the pixel count by a factor of 64. So that means that instead of turning 12M pixels into a hash, we're turning 1.5M pixels, and that's enough over the 1024 bits we need to be just fine. However, yeah. We're going to take the RAW data sensor bits and hash them and more is always better.
My bottom line argument is that if you think that a lava lamp is good enough, then there are many easier things that work just fine, and my flourish is that a camera with the lens cap on is actually *better* than the lava lamp. Part of my argument is that once you get to 1024 bits of goop, nothing else matters. See -- it's all quantum, all the way down. Every turtle in the stack is quantum-random.
Jon
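
Added example, not part of the message above and not the script it mentions: a Python sketch of the "take raw samples, hash them, and take more if a codec quiets them" approach, with a check for the silent failure raised in the quoted text. The function names, the crude most-common-value estimate (which treats samples as independent) and the simulated 8-bit samples are all assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter

NEEDED_BITS = 1024  # upper end of the 128-1024 bit range given in the message

def min_entropy_bits(samples: bytes) -> float:
    """Crude most-common-value estimate of total min-entropy, treating
    byte samples as independent (an assumption; real noise is correlated)."""
    if not samples:
        return 0.0
    p_max = Counter(samples).most_common(1)[0][1] / len(samples)
    return max(0.0, -math.log2(p_max)) * len(samples)

def seed_from_noise(samples: bytes, needed_bits: int = NEEDED_BITS) -> bytes:
    """Hash raw samples into a 512-bit seed, or raise if the estimate is short."""
    estimate = min_entropy_bits(samples)
    if estimate < needed_bits:
        raise ValueError(f"only ~{estimate:.0f} bits estimated, need {needed_bits}")
    return hashlib.sha512(samples).digest()

def constructed_samples(n: int, silent_fraction: float, rng_seed: int = 1) -> bytes:
    """Constructed stand-in for raw 8-bit samples: a share forced to zero (as a
    silence gate would) and the rest low-amplitude Gaussian noise."""
    rng = random.Random(rng_seed)
    out = bytearray()
    for _ in range(n):
        if rng.random() < silent_fraction:
            out.append(0)
        else:
            out.append(min(255, max(0, round(rng.gauss(8, 3)))))
    return bytes(out)

if __name__ == "__main__":
    for label, data in [
        ("raw hiss, 4096 samples", constructed_samples(4096, 0.0)),
        ("99% gated, 4096 samples", constructed_samples(4096, 0.99)),
        ("99% gated, 400000 samples", constructed_samples(400000, 0.99)),
        ("stuck at zero", bytes(4096)),
    ]:
        try:
            print(label, "->", seed_from_noise(data).hex()[:16], "...")
        except ValueError as err:
            print(label, "-> rejected:", err)
```

The heavily gated input is rejected at 4096 samples and accepted at 400000, while a source stuck at zero is rejected at any length instead of silently producing a seed.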