[Cryptography] Reading encrypted generative AI chats
Kent Borg
kentborg at borg.org
Mon Mar 18 15:19:36 EDT 2024
On 3/18/24 11:31, Christian Huitema wrote:
> The first step is indeed to avoid providing too much information
> through packet lengths, by standardizing to just a few lengths. The
> next step is to inject chaff to try to break analyses of packet timing.
Please allow me to enthusiastically agree, while also being a bit
contrarian and suggesting the /real/ first step is to quit being comforted
by the tidy division of responsibility offered by the OSI network layers.
TLS is mostly down at layer 4 (transport), and it has handled all
the encryption stuff down there, so up at layer 7 (application) we are
safe! Right?
Traffic analysis is really a kind of metadata analysis, and an
encryption layer can never magically fix resulting security problems.
They have to be addressed by application folk, who don't care.
The whole way we build software these days (maximum feature velocity by
configuring big complex cloud things to work with other big complex
cloud things, repeat ad infinitum) seems intended to not build anything
secure. We still can't even manage to avoid leaving data in the clear on
the public internet.
-kb, the Kent who is turning into an old crank.
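
An added example, not part of either message in this thread: a sketch of application-layer length padding for a reply streamed one token per record, showing what a passive observer sees with and without it. The bucket sizes, the 2-byte length prefix, the function names and the assumption that the encryption layer adds a fixed per-record overhead are all choices made for this illustration; it does nothing about packet timing.

```python
import struct

# Assumed bucket sizes (bytes) for this illustration; not from the thread.
BUCKETS = (32, 128, 512)
PREFIX = 2  # big-endian length prefix so the receiver can strip padding


def pad_frame(payload: bytes) -> bytes:
    """Prefix the true length, then zero-pad to the smallest bucket that fits."""
    need = PREFIX + len(payload)
    for size in BUCKETS:
        if need <= size:
            return struct.pack(">H", len(payload)) + payload + b"\x00" * (size - need)
    raise ValueError("payload exceeds largest bucket; split it before padding")


def unpad_frame(frame: bytes) -> bytes:
    """Recover the payload; an empty payload is a chaff frame to be discarded."""
    if len(frame) not in BUCKETS:
        raise ValueError("frame length is not a known bucket")
    (n,) = struct.unpack(">H", frame[:PREFIX])
    if n > len(frame) - PREFIX:
        raise ValueError("corrupt length prefix")
    return frame[PREFIX:PREFIX + n]


def observed_lengths(records):
    """Record sizes as seen on the wire, assuming a fixed encryption overhead
    that an observer can subtract, so plaintext length is what leaks."""
    return [len(r) for r in records]


# Constructed sample: a reply streamed one token per record.
TOKENS = [b"Your", b" appointment", b" is", b" on", b" Tuesday"]

if __name__ == "__main__":
    print("unpadded:", observed_lengths(TOKENS))          # token lengths leak
    padded = [pad_frame(t) for t in TOKENS]
    padded.insert(2, pad_frame(b""))                       # one chaff frame
    print("padded:  ", observed_lengths(padded))          # one uniform size
    received = [p for p in map(unpad_frame, padded) if p]  # drop chaff
    print(b"".join(received).decode())
```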