[Cryptography] Reading encrypted generative AI chats

Kent Borg kentborg at borg.org
Mon Mar 18 15:19:36 EDT 2024


On 3/18/24 11:31, Christian Huitema wrote:
> The first step is indeed to avoid providing too much information 
> through packet lengths, by standardizing to just a few lengths. The 
> next step is to inject chaff to try to break analyses of packet timing.

Please allow me to enthusiastically agree, while also being a bit 
contrarian and suggesting the /real/ first step is to quit being comforted 
by the tidy division of responsibility offered by the OSI network layers. 
TLS is mostly down at layer 4 (transport), and it has handled all 
the encryption stuff down there, so up at layer 7 (application) we are 
safe! Right?

Traffic analysis is really a kind of metadata analysis, and an 
encryption layer can never magically fix resulting security problems. 
They have to be addressed by application folk, who don't care.

The whole way we build software these days (maximum feature velocity by 
configuring big complex cloud things to work with other big complex 
cloud things, repeat ad infinitum) seems intended to not build anything 
secure. We still can't even manage to avoid leaving data in the clear on 
the public internet.

-kb, the Kent who is turning into an old crank.
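
The length-standardization step from the quoted message, done in the application before the data reaches the encryption layer, as an added example that is not part of the original post. The bucket sizes, the 2-byte length header and the sample reply are assumptions constructed for illustration, and the encryption layer is assumed to add only a constant per-record overhead; chaff and timing are not covered.

```python
import struct

BUCKETS = (32, 128, 512)        # assumed frame sizes in bytes, not from the post
HEADER = struct.Struct("!H")    # assumed 2-byte big-endian true-length prefix


def pad_frame(payload: bytes, buckets=BUCKETS) -> bytes:
    """Length-prefix the payload and zero-pad it to the smallest bucket that fits."""
    needed = HEADER.size + len(payload)
    for size in sorted(buckets):
        if needed <= size:
            return HEADER.pack(len(payload)) + payload + b"\x00" * (size - needed)
    raise ValueError("payload larger than the largest bucket; split it first")


def split_and_pad(payload: bytes, buckets=BUCKETS) -> list:
    """Split an oversized payload so that every frame fits the largest bucket."""
    room = max(buckets) - HEADER.size
    parts = [payload[i:i + room] for i in range(0, len(payload), room)] or [b""]
    return [pad_frame(part, buckets) for part in parts]


def unpad_frame(frame: bytes) -> bytes:
    """Receiver side: recover the original payload from one padded frame."""
    (length,) = HEADER.unpack_from(frame)
    if length > len(frame) - HEADER.size:
        raise ValueError("corrupt frame: declared length exceeds frame size")
    return frame[HEADER.size:HEADER.size + length]


def observed_lengths(messages, padded: bool) -> list:
    """Sizes an on-path observer sees, ignoring the constant encryption overhead."""
    if padded:
        return [len(f) for m in messages for f in split_and_pad(m)]
    return [len(m) for m in messages]


# Constructed sample: a reply streamed to the client one word at a time.
SAMPLE = [w.encode() for w in ["The", " diagnosis", " is", " probably", " benign"]]

if __name__ == "__main__":
    print("unpadded:", observed_lengths(SAMPLE, padded=False))  # word lengths leak
    print("padded:  ", observed_lengths(SAMPLE, padded=True))   # one size only
```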
