EN, Schneier on Security

LLMs Generate Predictable Passwords

2026-02-26 14:02

LLMs are bad at generating passwords:

There are strong noticeable patterns among these 50 passwords that can be seen easily:

All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7.
Character choices are highly uneven for example, L , 9, m, 2, $ and # appeared in all 50 passwords, but 5 and @ only appeared in one password each, and most of the letters in the alphabet never appeared at all.
There are no repeating characters within any password. Probabilistically, this would be very unlikely if the passwords were truly random but Claude preferred to avoid repeating characters, possibly because it “looks like it’s less random”.
…

This article has been indexed from Schneier on Security

Read the original article:

LLMs Generate Predictable Passwords

Related

← OpenAI Confirms that Chinese Hackers Used ChatGPT to Launch Cyberattacks

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control →