Caute_cautim
Community Champion

The Dangers of using ChatGPT for Coding: Flipping Bits in Ciphers and Why MACs Are So Important

Hi All

 

Some important lessons here: Prof Bill Buchanan:


I did a code review recently, and I noticed that the code was using AES with CBC (Cipher Block Chaining) mode. It involved saving encrypted data to a database, and it just looked like copy-and-paste code. So, I took the database, and flipped a few bits, and showed the developer that I had changed the values of the transaction.

“How did you do that?”, “Well, I flipped some bits!”, “But, it is encrypted”, “You do not have a MAC to check”, “What’s a MAC?”. “Where did you get the code?”, “I got it from ChatGPT”.

I stopped there and was worried about the rest of the software. I then asked whether they knew how CBC worked and was met with a blank face.

 

https://medium.com/asecuritysite-when-bob-met-alice/the-dangers-for-chatgpt-for-coding-flipping-bits...

 

Regards

 

Caute_Cautim
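Added example, not part of the original post or of Prof Buchanan's article: a Node.js sketch of why AES-CBC on its own accepts a modified stored record, and how an encrypt-then-MAC wrapper (HMAC-SHA256 over IV and ciphertext) rejects it before decryption. The keys, the record format and the function names are assumptions made for the illustration.

```javascript
// Added example: keys are random per run; record strings are constructed.
const crypto = require("crypto");

const encKey = crypto.randomBytes(32); // AES-256 key (assumed to live in a KMS in practice)
const macKey = crypto.randomBytes(32); // separate key for the MAC

// The pattern from the review: AES-CBC only, stored as IV || ciphertext.
function encryptCbc(plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([iv, c.update(plaintext, "utf8"), c.final()]);
}

function decryptCbc(blob) {
  const d = crypto.createDecipheriv("aes-256-cbc", encKey, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]).toString("utf8");
}

// Encrypt-then-MAC: 32-byte HMAC-SHA256 tag over IV || ciphertext, appended.
function seal(plaintext) {
  const blob = encryptCbc(plaintext);
  const tag = crypto.createHmac("sha256", macKey).update(blob).digest();
  return Buffer.concat([blob, tag]);
}

// Check the tag in constant time; decrypt only if it matches.
function open(sealed) {
  const blob = sealed.subarray(0, sealed.length - 32);
  const tag = sealed.subarray(sealed.length - 32);
  const expected = crypto.createHmac("sha256", macKey).update(blob).digest();
  if (tag.length !== 32 || !crypto.timingSafeEqual(tag, expected)) {
    throw new Error("MAC check failed");
  }
  return decryptCbc(blob);
}

// Models a stored row that changed at rest: one bit of byte `index` is inverted.
function flipBit(buf, index) {
  const copy = Buffer.from(buf);
  copy[index] ^= 0x01;
  return copy;
}

const record = "amount=100;to=bob"; // constructed sample record
console.log("CBC only, altered row decrypts to:", decryptCbc(flipBit(encryptCbc(record), 7)));
try {
  open(flipBit(seal(record), 7));
} catch (e) {
  console.log("Encrypt-then-MAC, altered row:", e.message);
}
```

CBC decryption has no way to notice the change, so the first call returns a different but well-formed record; an AEAD mode such as AES-GCM gives the same rejection behaviour as the wrapper without a hand-built MAC.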

1 Reply
Early_Adopter
Community Champion

“Cipher Block Chaining is a mode of operation that was specifically designed to use both transposition and substitution and padding make it hard for programmers to escape on a Friday. On purpose, simply because I do not like programmers, or weekends.” Xor Munger, Cryptologist to the Stars