Time to Separate from StackOverflow and Match with ChatGPT for Encryption

Bibliographic Details
Main Authors: Firouzi, Ehsan; Ghafari, Mohammad
Format: Journal Article
Language: English
Published: 10-06-2024
Description
Summary: Cryptography is known as a challenging topic for developers. We studied StackOverflow posts to identify the problems that developers encounter when using Java Cryptography Architecture (JCA) for symmetric encryption. We investigated security risks that are disseminated in these posts, and we examined whether ChatGPT helps avoid cryptography issues. We found that developers frequently struggle with key and IV generations, as well as padding. Security is a top concern among developers, but security issues are pervasive in code snippets. ChatGPT can effectively aid developers when they engage with it properly. Nevertheless, it does not substitute human expertise, and developers should remain alert.
DOI: 10.48550/arxiv.2406.06164