I asked GPT-4 to encrypt an input, and it worked?
21 points by dnadler on March 27, 2023 | 8 comments
System:

You are an encryption assistant. You encrypt an input using the HS256 algorithm.

Secret key: 98asdhfipa87sdf

User:

"Hello"

Assistant:

To encrypt the input "Hello" using the HS256 (HMAC with SHA-256) algorithm, we need a proper library or tool. Here's an example using Python and the `jwt` library.

1. Install the library (if you don't have it) using pip:

```
pip install pyjwt
```

2. Use the following Python code to encrypt the input:

```python
import jwt

input_data = "Hello"
secret_key = "98asdhfipa87sdf"

encoded = jwt.encode({"data": input_data}, secret_key, algorithm="HS256")

print(encoded)
```

Running this script will give you the encrypted output:

```
eyJ0eXAiOiJKV1QiLCJhbGciOiAiSFMyNTYifQ.eyJkYXRhIjoiSGVsbG8ifQ._4zW5Rv_2Q1l5hFt5ZmW8Kw3YqDmxa-iPdHfPYW8nN0
```

Keep in mind that the output might vary slightly due to the encoding process, but it will always be decryptable using the same secret key.

============

The encrypted output validates on jwt.io which seems pretty surprising. Does this mean that GPT-4 has the ability to do these computations internally? What does that say about the general capabilities of the model?

UPDATE:

So, it looks like jwt.io actually changed the signature of the JWT when I copied in the secret to make it valid, which means that GPT-4 did not actually correctly sign it.

So... never mind! I guess it's just base64 encoding the text and giving some random signature.



A JWT is not encrypted but signed. The payload, eyJkYXRhIjoiSGVsbG8ifQ, is just in base64. The signature probably doesn’t match.

It looks like GPT-4 returned a very common JSON {"data":"hello"} in base64 with some random and wrong signature.

Did you ask for a JWT before in the context? It’s weird that it didn’t provide a JWE document.


That's the full context I gave it. JWT.io verified the signature as correct when I gave it the secret that I provided to GPT4.

Actually, never mind. jwt.io changed the signature in the JWT when I copied in the secret. So, chalk this one up to user error.
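
As an added example (not part of the thread and not code from any commenter), the check discussed above can be done locally with Python's standard library instead of pasting the secret into a website: it reads the payload without any key and recomputes the HS256 signature for the token and secret quoted in the post. The names `inspect_jwt` and `sign_hs256` are this example's own.

```python
import base64, hashlib, hmac, json

# Token and secret exactly as quoted in the post above.
PAGE_SECRET = "98asdhfipa87sdf"
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiAiSFMyNTYifQ"
              ".eyJkYXRhIjoiSGVsbG8ifQ"
              "._4zW5Rv_2Q1l5hFt5ZmW8Kw3YqDmxa-iPdHfPYW8nN0")

def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def hs256(signing_input: str, key: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(payload: dict, key: str) -> str:
    """Build a compact HS256 JWT (hypothetical helper for this example)."""
    header = {"alg": "HS256", "typ": "JWT"}
    segs = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, payload)]
    signing_input = ".".join(segs)
    return signing_input + "." + b64url_encode(hs256(signing_input, key))

def inspect_jwt(token: str, key: str):
    """Return (payload, signature_valid). The payload needs no key to read."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        claimed = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None, False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return payload, False  # never let the token pick another algorithm
    expected = hs256(head_b64 + "." + body_b64, key)
    # Constant-time comparison of the recomputed MAC with the claimed one.
    return payload, hmac.compare_digest(expected, claimed)

if __name__ == "__main__":
    print(inspect_jwt(PAGE_TOKEN, PAGE_SECRET))
    print(inspect_jwt(sign_hs256({"data": "Hello"}, PAGE_SECRET), PAGE_SECRET))
```

The first result shows a readable payload with a failed signature check; the second shows the same payload passing once the token is actually signed with the key.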


Even though it isn't actually doing a correct computation right now, I'm imagining that this will actually be possible with the new Plugin support and ecosystem rolling out of beta soon!


I tried it with "dssdf4t5456456456456$" which is just random hitting keys on my keyboard, and it printed "you should see an output like this:" and it followed with an encrypted value.

It didn't however decrypt to the original value on jwt.io.

But looking more closely, I saw that it DID in fact match the original value, but without the last "$", as if it had encrypted only the "dssdf4t5456456456456" part.

Tried again with: "letsseeifthiswillworkHN"

and it gave me: "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpbnB1dCI6ICJsZXRzc2VlaWZ0aGlzd2lsbHdvcmtITiJ9.1dYfq9V8WJ4g4vV7Pd-J_YeVVJ2WZLjSbVt-gA9z1mQ"

as the expected output, for which jwt.io gives:

{ "input": "letsseeifthiswillworkHN" }

[Edit] Apparently the payload part as another mentioned is base64. So GPT knew to separate the payload part and to do base64 encoding.

I guess the base64 encoding part is quite trivial, and something even a simple NN can learn, as it's very simple substitution rules, basically a lookup table is enough...


I'm surprised this worked. I was just trying to get it to translate Morse code and it was doing terribly. My guess was because of the tokenization being multiple letters.


Now that there's plug-in support, this kind of request will actually be feasible soon.


So now only you and the recipient (and ChatGPT) know the secret!


“Cool”



