
If it was a public art installation, wouldn't that leak their entropy?


Short of them actually publishing the image signature the camera takes as the random input, no. Imagine just how much sensor noise is sitting across the image, and figure on other elements others have mentioned: the angle, the aperture, etc. I imagine two near-identical frames without any movement between them taken on a single camera might still have a significant amount of entropy between them, especially if you're using the camera raw data, for those reasons.

They (CF) discuss this on their deep dive:

>>>The flow of the “lava” in a lava lamp is very unpredictable, and so the entropy in those lamps is incredibly high. Even if we conservatively assume that the camera has a resolution of 100x100 pixels (of course it’s actually much higher) and that an attacker can guess the value of any pixel of that image to within one bit of precision (e.g., they know that a particular pixel has a red value of either 123 or 124, but they aren’t sure which it is), then the total amount of entropy produced by the image is 100x100x3 = 30,000 bits (the x3 is because each pixel comprises three values - a red, a green, and a blue channel). This is orders of magnitude more entropy than we need. [1]

1: https://blog.cloudflare.com/lavarand-in-production-the-nitty...


If the information encoded in the lava lamps is not important for the entropy, why do they even need to be there?

If it just needs to be some image, and it doesn't actually matter if others know what it can see, why not just point the camera at a normal lamp, or an empty room, or the sky?


It is, the author is just saying that even without it they still have enough entropy in the system to be secure enough.

Any old image doesn't have pretty strong random number generators in it.


You’d have to get a picture in the exact same angle, which is unlikely.


You’d also have to be using very similar equipment and know precisely how they derive their random numbers from the image.


It leaks information at any angle.


Doesn’t really matter. With modern CSPRNGs, even if one input is compromised you’re still as strong as the remaining entropy (as long as those sources are statistically independent from the compromised one).

If this was the only source of randomness it might be a problem, but if they’re `cat`ting it into `/dev/random` as an external source, it can only really improve things. Even if someone were to compromise the feed from the office to the datacenter, it wouldn’t matter since they’d have to know the internal RNG state in order to “negate” its randomness with the lava lamp feed. If they have that, you’re already lost anyway.
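An added illustration of the mixing argument above (this is example code, not Cloudflare's system or the kernel's actual pool): a toy hash-based pool in which an attacker-known lava lamp feed is combined with an unknown internal state, showing that the feed alone does not fix the output, that mixing it in still changes the output, and that only knowing both reproduces it.

```python
import hashlib
import hmac


class Pool:
    """Minimal hash-based entropy pool (constructed for illustration)."""

    def __init__(self, initial_state: bytes):
        # Internal state the attacker does not know (the RNG's own state).
        self.state = initial_state

    def mix(self, source: bytes) -> None:
        # The old state is hashed together with the new input, so an input
        # an attacker knows or controls cannot cancel the unknown state.
        self.state = hashlib.sha256(self.state + source).digest()

    def output(self, n: int = 32) -> bytes:
        # Derive output through HMAC so the raw state is never exposed,
        # then ratchet the state forward so past outputs stay unrecoverable.
        out = hmac.new(self.state, b"output", hashlib.sha256).digest()[:n]
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        return out


def outputs_with_known_feed(known_feed: bytes, secret_states) -> set:
    """Mix the same attacker-known feed into pools with different secret
    states and return the distinct outputs: one output per state means the
    feed by itself does not determine the result."""
    results = set()
    for secret in secret_states:
        pool = Pool(secret)
        pool.mix(known_feed)
        results.add(pool.output())
    return results


def feed_changes_output(secret: bytes, feed_a: bytes, feed_b: bytes) -> bool:
    """Two different feeds (e.g. the real lamp image vs. a sheet of paper
    held over the lens) still yield different outputs for the same state."""
    p1, p2 = Pool(secret), Pool(secret)
    p1.mix(feed_a)
    p2.mix(feed_b)
    return p1.output() != p2.output()


def both_known_reproduces(secret: bytes, feed: bytes) -> bool:
    """Knowing the internal state AND the feed reproduces the output exactly,
    which is the 'you're already lost anyway' case from the comment."""
    p1, p2 = Pool(secret), Pool(secret)
    p1.mix(feed)
    p2.mix(feed)
    return p1.output() == p2.output()
```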


This is addressed in the last paragraph of the article.


Not really. They say that having random (ha) people in the picture improves the entropy, but they don't address the possibility of people using it to gain information about Cloudflare's entropy pool.


Presumably if you set up camp with a camera in their lava lamp room, somebody is going to raise some eyebrows.


Not only that but your cameras are going to have to be precisely in the same place as theirs, with an identical view and be identical models with identical sensor variation, dust on lens etc etc etc ad nauseam.

As you say, that might raise a few eyebrows.


Wouldn't you just cover their camera with paper or some other known pattern, if you were going to try that?


Ooh! Can you shine a laser into the camera to blind it? Burn the sensor to a crisp and then let that seed the CSPRNG!


Great way to test how quickly you can get thrown out by security guards.

