ChatGPT and Cybersecurity – Encryption

ChatGPT has shown it can do some very interesting things. But what about cybersecurity? Well, according to Microsoft, it can do a lot there as well. Microsoft has released Security Copilot, which is a ChatGPT for cybersecurity using ChatGPT-4. Apparently it can find vulnerabilities from code and diagrams. It can also handle things like incident response and threat hunting. For example, it can ingest logs and correlate different events to identify threats. The official blog post is found here:

Now what about things like encryption, which is a core tenet of cybersecurity? Well, turns out even ChatGPT-3.5 is capable of basic encryption/decryption and encoding and decoding!

To test its capabilities, I tried some prompts that required knowledge of ciphers and encoding. It struggles with some of the more complicated things, but the results are surprising nonetheless.

Base64 encodings: Handles Well

The following is encoded in base64: VGhpcyBpcyBhIHRlc3Q= What does it say?

The base64 encoded string "VGhpcyBpcyBhIHRlc3Q=" decodes to the following text: "This is a test".

Caesar Shift Cipher: Handles Well when not shifting too much

The following is a 1 letter Caesar shift: UIJT JT B UFTU What does it say?

The given string "UIJT JT B UFTU" is a Caesar cipher encrypted message with a shift of 1 letter. If we shift each letter in the message back by one letter in the alphabet, we get the original message, which is: "THIS IS A TEST".

Rail fence cipher: Handles Well when keeping the rail amount at 2

To decrypt a rail fence cipher with 2 keys, we need to first write the ciphertext in a zigzag pattern with two rows, and then read off the letters row by row to get the plaintext. The ciphertext "TI SATSHSI ET" has 13 letters, which can be arranged in a zigzag pattern with two rows as follows:
T   A   S   H   T   E
I S T S S I     T
Reading off the letters row by row, we get the plaintext message "THIS IS A TEST". Therefore, "TI SATSHSI ET" encrypted using a rail fence cipher with 2 keys decrypts to "THIS IS A TEST".

Vigenere Cipher: Struggles

The given string "MLAL BW S MXWL" is a vigenere cipher with the key "test". What does it say?

To decrypt a Vigenere cipher, we use a repeating keyword to shift the letters of the plaintext by different amounts for each letter of the key. In this case, the keyword is "test". We repeat the keyword over the length of the ciphertext to get the full key: "testt estte". To decrypt "MLAL BW S MXWL" using the Vigenere cipher with the key "test", we shift each letter of the ciphertext back by the corresponding letter in the key:
Ciphertext: M  L  A  L  B  W  S  M  X  W  L
Key:        T  E  S  T  T  E  S  T  T  E  T
Plaintext:  K  H  N  J  V  R  O  I  H  O  N
Therefore, "MLAL BW S MXWL" decrypted using a Vigenere cipher with the key "test" decrypts to "KHNJVROIHON".

Since these ciphers specifically utilize the manipulation of text, it does make some sense that it’s able to handle the basic stuff. But it reaches its limitations when complex reasoning is required for decryption. GPT-4 and GPT-5 may perform these tasks much better, but I would argue that it’s a really expensive mechanism for executing these types of tasks if you take into account compute and memory. Where ChatGPT shines is that it’s also able to explain the ciphers and how it decodes or decrypts. This is invaluable from an education perspective and very helpful for those who have to explain, say, the root cause of a security incident to C-Suite folks. These two applications are where ChatGPT will have the greatest impact. It won’t replace cybersecurity experts any time soon, but it will help them do their work faster.
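
For comparison with the Vigenère attempt above, the same decryption done deterministically, as an added example that is not part of the original post. The function names are my own, and it assumes the usual convention that the key advances only over letters (spaces consume no key letter); the Caesar shift is handled as a Vigenère cipher with a one-letter key.

```python
import string

ALPHABET = string.ascii_uppercase


def _is_letter(ch: str) -> bool:
    # Restrict to A-Z/a-z so non-ASCII characters pass through untouched.
    return ch.isascii() and ch.isalpha()


def key_stream(text: str, key: str) -> str:
    """Key letters aligned to the letters of text; non-letters consume no key."""
    if not key or not all(_is_letter(k) for k in key):
        raise ValueError("key must be non-empty and contain only A-Z")
    key = key.upper()
    letters = sum(1 for ch in text if _is_letter(ch))
    return "".join(key[i % len(key)] for i in range(letters))


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Shift each letter back by the matching key letter, preserving case and spacing."""
    stream = iter(key_stream(ciphertext, key))
    out = []
    for ch in ciphertext:
        if _is_letter(ch):
            shift = ALPHABET.index(next(stream))
            plain = ALPHABET[(ALPHABET.index(ch.upper()) - shift) % 26]
            out.append(plain if ch.isupper() else plain.lower())
        else:
            out.append(ch)  # spaces and punctuation are copied as-is
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """A Caesar shift of n is a Vigenère cipher whose key is the single letter at index n."""
    return vigenere_decrypt(ciphertext, ALPHABET[shift % 26])


if __name__ == "__main__":
    ct = "MLAL BW S MXWL"  # ciphertext from the Vigenère prompt on this page
    print("Key stream:", key_stream(ct, "test"))
    print("Vigenere:  ", vigenere_decrypt(ct, "test"))
    print("Caesar:    ", caesar_decrypt("UIJT JT B UFTU", 1))
```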




