from Hacker News

I asked GPT-4 to encrypt an input, and it worked?

by dnadler on 3/27/23, 1:31 PM with 8 comments

System:

You are an encryption assistant. You encrypt an input using the HS256 algorithm.

Secret key: 98asdhfipa87sdf

User:

"Hello"

Assistant:

To encrypt the input "Hello" using the HS256 (HMAC with SHA-256) algorithm, we need a proper library or tool. Here's an example using Python and the `jwt` library.

1. Install the library (if you don't have it) using pip:

```
pip install pyjwt
```

2. Use the following Python code to encrypt the input:

```python
import jwt

input_data = "Hello"
secret_key = "98asdhfipa87sdf"

encoded = jwt.encode({"data": input_data}, secret_key, algorithm="HS256")

print(encoded)
```

Running this script will give you the encrypted output:

```
eyJ0eXAiOiJKV1QiLCJhbGciOiAiSFMyNTYifQ.eyJkYXRhIjoiSGVsbG8ifQ._4zW5Rv_2Q1l5hFt5ZmW8Kw3YqDmxa-iPdHfPYW8nN0
```

Keep in mind that the output might vary slightly due to the encoding process, but it will always be decryptable using the same secret key.

============

The encrypted output validates on jwt.io which seems pretty surprising. Does this mean that GPT-4 has the ability to do these computations internally? What does that say about the general capabilities of the model?

UPDATE:

So, it looks like jwt.io actually changed the signature of the JWT when I copied in the secret to make it valid, which means that GPT-4 did not actually correctly sign it.

So... nevermind! I guess it's just base64 encoding the text and giving some random signature.
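A local check of the token from the post, as an added example that is not part of the original thread: it decodes the header and payload (plain base64url, no key needed) and recomputes the HS256 signature with Python's standard library instead of relying on jwt.io. The helper names `inspect_token` and `sign` are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))  # restore stripped padding


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def hs256_signature(signing_input: str, secret: str) -> str:
    """HMAC-SHA256 over 'header.payload', base64url-encoded without padding."""
    mac = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())


def inspect_token(token: str, secret: str) -> dict:
    """Decode a compact JWT and recompute its HS256 signature locally."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("this check only handles HS256")
    expected = hs256_signature(f"{header_b64}.{payload_b64}", secret)
    return {
        "header": header,
        "payload": json.loads(b64url_decode(payload_b64)),  # readable without the key
        "signature_valid": hmac.compare_digest(expected, sig_b64),
    }


def sign(payload: dict, secret: str) -> str:  # correctly signed token, for comparison
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}"
    return f"{signing_input}.{hs256_signature(signing_input, secret)}"


SECRET = "98asdhfipa87sdf"  # secret key from the post
GPT4_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiAiSFMyNTYifQ.eyJkYXRhIjoiSGVsbG8ifQ."
              "_4zW5Rv_2Q1l5hFt5ZmW8Kw3YqDmxa-iPdHfPYW8nN0")  # token from the post

if __name__ == "__main__":
    for tok in (GPT4_TOKEN, sign({"data": "Hello"}, SECRET)):
        print(inspect_token(tok, SECRET))
```

The payload decodes without any secret, and only the locally signed token passes the signature check.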

  • by speedgoose on 3/27/23, 2:18 PM

    A JWT is not encrypted but signed. The payload, eyJkYXRhIjoiSGVsbG8ifQ, is just in base64. The signature probably doesn’t match.

    It looks like GPT-4 returned a very common JSON {"data":"hello"} in base64 with some random and wrong signature.

    Did you ask for a JWT before in the context? It’s weird that it didn’t provide a JWE document.

  • by ElijahLynn on 3/27/23, 6:44 PM

    Even though it isn't actually doing a correct computation right now, I'm imagining that this will actually be possible with the new Plugin support and ecosystem rolling out of beta soon!

  • by coldtea on 3/27/23, 2:27 PM

    I tried it with "dssdf4t5456456456456$" which is just random hitting keys on my keyboard, and it printed "you should see an output like this:" and it followed with an encrypted value.

    It didn't however decrypt to the original value on jwt.io.

    But looking more closely, I saw that it DID in fact match the original value, but without the last "$", as if it had encrypted only the "dssdf4t5456456456456" part.

    Tried again with: "letsseeifthiswillworkHN"

    and it gave me: "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpbnB1dCI6ICJsZXRzc2VlaWZ0aGlzd2lsbHdvcmtITiJ9.1dYfq9V8WJ4g4vV7Pd-J_YeVVJ2WZLjSbVt-gA9z1mQ"

    as the expected output, for which jwt.io gives:

    { "input": "letsseeifthiswillworkHN" }

    [Edit] Apparently the payload part as another mentioned is base64. So GPT knew to separate the payload part and to do base64 encoding.

    I guess the base64 encoding part is quite trivial, and something even a simple NN can learn, as it's very simple substitution rules, basically a lookup table is enough...

  • by danjc on 3/27/23, 6:34 PM

    Now that there's plug-in support, this kind of request will actually be feasible soon.

  • by gorjusborg on 3/27/23, 7:45 PM

    So now only you and the recipient (and ChatGPT) know the secret!

  • by emocin on 3/27/23, 2:16 PM

    “Cool”