https://community.isc2.org/t5/Tech-Talk/The-Dangers-of-using-ChatGPT-for-Coding-Flipping-Bits-in-Ciphers/m-p/68059#M4332 <P>Hi All</P><P>&nbsp;</P><P>Some important lessons here:&nbsp;&nbsp;&nbsp; Prof Bill Buchanan:</P><P><SPAN class=""><SPAN><BR />I did a code review recently, and I noticed that the code was using AES with CBC (Cipher Block Chaining) mode. It involved saving encrypted data to database, and it just looked like copy-and-paste code. So, I took the database, and flipped a few bits, and showed the developer that I had changed the values of the transaction.<BR /><BR />“How did you do that?”, “Well, I flipped some bits!”, “But, it is encrypted”, “You do not have a MAC to check”, “What’s a MAC?”. “Where did you get the code?”, “I got it from ChatGPT”.<BR /><BR />I stopped there and was worried about the rest of the software. I then asked whether they knew how CBC worked and was met with a blank face.</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN><A href="https://medium.com/asecuritysite-when-bob-met-alice/the-dangers-for-chatgpt-for-coding-flipping-bits-in-ciphers-and-why-macs-are-so-important-fd1a980a684f" target="_blank" rel="noopener">https://medium.com/asecuritysite-when-bob-met-alice/the-dangers-for-chatgpt-for-coding-flipping-bits-in-ciphers-and-why-macs-are-so-important-fd1a980a684f</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Sun, 10 Mar 2024 04:51:57 GMT Caute_cautim 2024-03-10T04:51:57Z https://community.isc2.org/t5/Tech-Talk/The-Dangers-of-using-ChatGPT-for-Coding-Flipping-Bits-in-Ciphers/m-p/68059#M4332 <P>Hi All</P><P>&nbsp;</P><P>Some important lessons here:&nbsp;&nbsp;&nbsp; Prof Bill Buchanan:</P><P><SPAN class=""><SPAN><BR />I did a code review recently, and I noticed that the code was using AES with CBC (Cipher Block Chaining) mode. It involved saving encrypted data to database, and it just looked like copy-and-paste code. So, I took the database, and flipped a few bits, and showed the developer that I had changed the values of the transaction.<BR /><BR />“How did you do that?”, “Well, I flipped some bits!”, “But, it is encrypted”, “You do not have a MAC to check”, “What’s a MAC?”. “Where did you get the code?”, “I got it from ChatGPT”.<BR /><BR />I stopped there and was worried about the rest of the software. I then asked whether they knew how CBC worked and was met with a blank face.</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN><A href="https://medium.com/asecuritysite-when-bob-met-alice/the-dangers-for-chatgpt-for-coding-flipping-bits-in-ciphers-and-why-macs-are-so-important-fd1a980a684f" target="_blank" rel="noopener">https://medium.com/asecuritysite-when-bob-met-alice/the-dangers-for-chatgpt-for-coding-flipping-bits-in-ciphers-and-why-macs-are-so-important-fd1a980a684f</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Sun, 10 Mar 2024 04:51:57 GMT https://community.isc2.org/t5/Tech-Talk/The-Dangers-of-using-ChatGPT-for-Coding-Flipping-Bits-in-Ciphers/m-p/68059#M4332 Caute_cautim 2024-03-10T04:51:57Z https://community.isc2.org/t5/Tech-Talk/The-Dangers-of-using-ChatGPT-for-Coding-Flipping-Bits-in-Ciphers/m-p/68080#M4333 “Cipher Block Chaining is a mode of operation that was specifically designed to use both transposition and substitution and padding make it hard for programmers to escape on a Friday. On purpose, simply because I do not like programmers, or weekends.” Xor Munger, Cryptologist to the Stars<BR /><BR /> Mon, 11 Mar 2024 00:02:04 GMT https://community.isc2.org/t5/Tech-Talk/The-Dangers-of-using-ChatGPT-for-Coding-Flipping-Bits-in-Ciphers/m-p/68080#M4333 Early_Adopter 2024-03-11T00:02:04Z