
Generative Models Produce Weak Predictable Passwords

By LDS Team
Relevance Score: 8.1

Irregular, an AI security firm, tested Claude, ChatGPT, Gemini and other models and found that the 16-character passwords they generate appear complex but follow common patterns. In 50 prompts to Claude, only 30 outputs were unique, and measured entropies for LLM-generated passwords were roughly 20–27 bits, versus the 98–120 bits expected for truly random strings. Researchers warn that such passwords could be brute-forced in hours and advise rotation.

Key Points

  1. Found LLMs produce patterned, non-random 16-character passwords across Claude, ChatGPT and Gemini
  2. Measured low entropy (~20–27 bits) versus expected 98–120 bits, enabling faster brute-force attacks
  3. Advise developers to audit and rotate LLM-generated passwords; avoid using LLMs for password creation
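
As an added illustration (not Irregular's methodology or code from the report), this Python sketch shows one way to screen a batch of generated passwords for the symptoms described above and to generate replacements from the OS CSPRNG. The estimator, the 94-symbol alphabet and the `PATTERNED` sample are assumptions made for the example.

```python
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def csprng_password(length=16, alphabet=ALPHABET):
    """Draw every character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def ideal_bits(length=16, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def shannon_bits(counts):
    """Plug-in Shannon entropy (bits) of an observed frequency table."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def audit(samples):
    """Return (distinct strings, summed per-position entropy estimate in bits).

    The estimate treats positions as independent and cannot exceed
    length * log2(len(samples)), so it is a screening signal only:
    a low value shows a pattern, a high value alone does not show strength.
    """
    length = min(len(s) for s in samples)
    bits = sum(shannon_bits(Counter(s[i] for s in samples)) for i in range(length))
    return len(set(samples)), bits

# Constructed sample, not real model output: 50 strings, 30 distinct, in which
# only two of the 16 positions ever change.
PATTERNED = ["G7$kL9#mQ2&xP" + f"{i % 30:02d}" + "!" for i in range(50)]

if __name__ == "__main__":
    print(f"ideal 16-char entropy: {ideal_bits():.1f} bits")
    for label, batch in (("patterned", PATTERNED),
                         ("csprng", [csprng_password() for _ in range(50)])):
        distinct, bits = audit(batch)
        print(f"{label:9s} distinct={distinct:2d}/50  estimate={bits:5.1f} bits")
```

With only 50 samples the estimate tops out near 90 bits even for CSPRNG output, so compare batches against each other rather than against the ideal figure.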

Scoring Rationale

Actionable, industry-reaching finding; limited by reliance on a single company's analysis without independent peer review.
