Time to Separate from StackOverflow and Match with ChatGPT for Encryption
Ehsan Firouzi, Mohammad Ghafari

TL;DR
This paper analyzes developer challenges with Java cryptography on StackOverflow, examines security risks in shared code, and evaluates ChatGPT's effectiveness in assisting with cryptography issues, highlighting its benefits and limitations.
Contribution
It provides an empirical study of cryptography-related developer problems and of security risks in shared code snippets, and it assesses ChatGPT's role in mitigating cryptography issues.
Findings
Developers struggle with key, IV, and padding issues.
Security risks are common in code snippets.
ChatGPT can assist but does not replace human expertise.
Abstract
Cryptography is known as a challenging topic for developers. We studied StackOverflow posts to identify the problems that developers encounter when using Java Cryptography Architecture (JCA) for symmetric encryption. We investigated security risks that are disseminated in these posts, and we examined whether ChatGPT helps avoid cryptography issues. We found that developers frequently struggle with key and IV generation, as well as padding. Security is a top concern among developers, but security issues are pervasive in code snippets. ChatGPT can effectively aid developers when they engage with it properly. Nevertheless, it does not substitute human expertise, and developers should remain alert.
Taxonomy
Topics: Privacy-Preserving Technologies in Data
