I just finished my side-project. Haiku now has working hardware bfs encryption support together with two-factor Yubikey authentication. (this is optional).
One really cool feature is that if YubiKey is removed from the computer, all encrypted disks that is mounted is unmounted and the encryption keys are scrubbed from memory immediately.
Disk encryption support including an AES implementation generated by “AI”?
Uh, no thanks. Even human-written encryption support is prone to subtle bugs, needs regular auditing by experts, and even then often still has vulnerabilities or major problems. “AI”, trained on all sorts of totally unverified encryption code, is probably at a quite severe risk of making all sorts of “beginner mistakes”. Or worse, ones that are so subtle that humans miss them.
Lets users decide. I think that making impression that Haiku community are AI-haters is counter-productive and may give toxic impression for new users.
Most users are not expert cryptographers. I know I’m not (though I know enough to spot certain obvious problems.) So how are they well-equipped to be the ones to decide?
There are a significant number of us who very much don’t want “AI” and don’t want anything to do with “AI”. If that qualifies as ‘hate’ by whatever standard you are using here, well, then that impression would be correct.
Reviewing and understanding potentially adversarial code is often harder than simply writing it. This is doubly so with cryptographic code, where there are subtleties.
As long it implement existing known good encryption algorithm, you are basically fine. At least data itself will be impossible to decrypt by brute force using algorithm weakness. Haiku currently do not provide basic security features anyway such as running GUI programs with non-root user or protecting interactive session with password. Any native program can steal disk encryption password in theory.
People can decide what to do and use because of free will. And then take full responsibility of their decisions. You can’t disallow person to use software because they are not “well-equipped”. It makes no sense.
Your and my post like ratio disprove that. For proper measurement, poll should be made.
Disc encryption and yubikey support are both at the top of my wish-list for Haiku support! Thanks for the work!
But I see that there is quite a split opinion on this forum regarding potential vulnerabilities in the code if it was written with AI support…
As I am just a newbie user, and have no way of making a call on whether there is or is not a potential security issue, I guess I’ll wait a few months until the programme’s undergone peer review by the community, so that it has the stamp of approval to get into HaikuDepot.
Thanks for putting in the work though! Does it mean that Yubikey now works also on IceWeasle etc for 2FA on compatible websites?
True, but it’s still the whole idea behind open source software: everyone is able to look at the code, fork it, fix it, etc.
Many algorithms itself are fine, but their implementation is flawed. Happens to all (well-known) en/decryptors. I’m not saying this app is flawless, I’m sure it’s not, but neither is Haiku itself, for that matter.
I think it might be a good base to start from and fix bugs as they arise.
I think what really irritates people is that AI users seem to go out of their way to hide the fact that they are using it. Then when AI use is discovered, they start gaslighting people and acting like they had no idea that anyone would have an issue with it. It looks very adversarial.
Let not turn discussion about AI, it a new app on haiku that could be useful for people trying to use multiple boot partition instead of a actual user based system it simple and there code it does not matter if it use AI as long as it contributing to haiku as a whole
Yes. For for users to decide, they need the information that some application is build with AI. I’m for a firm forum rule that posts and software must declareso, if it was created with AI.
If a user doesn’t care about that, fine. If users, like waddlesplash, have another opinion, they may say so in their comments.
+1 for adding some comment in the title like: AI generated application, it doesn’t hurt anyone that doesn’t want to even look at these topics and will silence all the obvious comments. Don’t like it don’t use it.
On another note, there is already native “drive encryption” work done long time ago, never got to be finished(?), but maybe for those wanting to go down that road, have a look at:
