It also helps serve the needs of millions of websites. This is like the mileage of a freight train: you have to look at how many tons it carries in that distance compared to alternatives. That's 2KW for easy true randomness. They have to get it some way, and this is probably the most efficient option for their purposes.

From the end of the blog post, the LavaRand project was never actually used as a primary source of random numbers.

>Hopefully we’ll never need it. Hopefully, the primary sources of randomness used by our production servers will remain secure, and LavaRand will serve little purpose beyond adding some flair to our office. But if it turns out that we’re wrong, and that our randomness sources in production are actually flawed, then LavaRand will be our hedge, making it just a little bit harder to hack Cloudflare.

So, no, it isn't serving a purpose for millions of websites. It's 2kW of lamps running as a backup in an office nobody is going into right now to even look at.

Yes, it is. I'm not sure what you think that post says, but it means LavaRand is currently serving a purpose in production. The whole point is to add more randomness to their other methods to protect against exploits or failures in the implementation of those methods. This is like the drives in a RAID setup. All those drives are a waste of power if you only care about when things work right. The point is to provide safety when things break.

The previous paragraph:

>> "LavaRand is a system that uses lava lamps as a secondary source of randomness for our production servers. A wall of lava lamps in the lobby of our San Francisco office provides an unpredictable input to a camera aimed at the wall. A video feed from the camera is fed into a CSPRNG, and that CSPRNG provides a stream of random values that can be used as an extra source of randomness by our production servers. Since the flow of the “lava” in a lava lamp is very unpredictable,1 “measuring” the lamps by taking footage of them is a good way to obtain unpredictable randomness. Computers store images as very large numbers, so we can use them as the input to a CSPRNG just like any other number."

But unfortunately it's not. In the analogy given in the comment I responded to, these lava lamps are a locomotive burning fuel while not actually moving any load. Sure it's there to "serve a purpose" if the primary breaks, but that doesn't mean it's doing any work when the primary is functioning just fine.

This is the check on the primary. It moots the concern of whether or not the primary is working. You could turn them off, but then the system is open to all the vulnerabilities known and unknown this mitigates.

It’s probably not literally the most efficient, but it is very good publicity. It is deliberately displayed behind the reception as a talking point.

It's definitely not the most efficient. Let's get that straight. Even within the space of "cameras pointed at chaotic systems", it's trivial to imagine less energy intensive chaotic systems than a rack of heaters convecting molten wax.

2kW still seems like a lot compared to just putting the cameras in a lightless cardboard box, which will work just as well.

This is energy spent because it looks cool, not because it's effective.

Why even use a camera? Use an avalanche diode and sample the noise.

Of course. I'm just pointing out the inefficiency by noting a minimal modification that would use less power.

An even more minimal modification would be to use those USB-powered "glitter" lava lamps. The idea that 2 kilowatts of heat being dumped into molten wax represents some kind of efficiency optimum is completely absurd.