
Large Language Models Produce Predictable Weak Passwords

By LDS Team
Relevance Score: 8.9

New research from Irregular finds that LLMs like Claude, GPT, and Gemini generate visually complex but highly predictable passwords. In 50 prompts, Claude Opus 4.6 produced only 30 unique passwords and repeated one 16-character string 18 times. Effective entropy estimates drop from ~98 bits to roughly 20–27 bits, enabling million-guess attacks and real-world exposures on GitHub.

Key Points

  1. Demonstrate that LLMs generate repeated, biased passwords: 50 prompts yielded 30 uniques, one repeated 18 times.
  2. Show effective entropy collapse from ~98 bits to roughly 20–27 bits, enabling million-guess attacks.
  3. Recommend using CSPRNG-backed password managers and rotating any LLM-generated secrets found in code.
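
The repetition measurement and the CSPRNG recommendation above, as an added example that is not code from the Irregular research or from this report. It draws 16-character passwords from the OS CSPRNG and computes repetition statistics for a batch of outputs. The 94-symbol alphabet, the function names and the placeholder strings are assumptions, and the plug-in min-entropy figure is a simple repetition measure, not the estimator behind the 20–27 bit figures.

```python
import math
import secrets
import string
from collections import Counter

# Assumed alphabet: 94 printable ASCII symbols (not taken from the research).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def csprng_password(length=16, alphabet=ALPHABET):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def design_entropy_bits(length, alphabet_size):
    """Entropy of a uniform generator: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def sample_stats(passwords):
    """Summarise repetition in a batch of generated passwords."""
    counts = Counter(passwords)
    top_count = counts.most_common(1)[0][1]
    return {
        "samples": len(passwords),
        "unique": len(counts),
        "top_count": top_count,
        # Plug-in min-entropy: -log2 of the most frequent output's share.
        # With n samples it cannot exceed log2(n), so it only exposes bias.
        "min_entropy_bits": -math.log2(top_count / len(passwords)),
    }

def constructed_llm_like_sample():
    """Constructed batch matching the article's counts: 50 outputs,
    30 unique, one repeated 18 times. Strings are placeholders."""
    batch = ["PLACEHOLDER-00"] * 18                          # the repeated string
    batch += [f"PLACEHOLDER-{i:02d}" for i in range(1, 30)]  # 29 more uniques
    batch += [f"PLACEHOLDER-{i:02d}" for i in range(1, 4)]   # 3 further repeats
    return batch

if __name__ == "__main__":
    print("design entropy:", round(design_entropy_bits(16, len(ALPHABET)), 1), "bits")
    print("biased batch:  ", sample_stats(constructed_llm_like_sample()))
    print("CSPRNG batch:  ", sample_stats([csprng_password() for _ in range(50)]))
```

A batch of 50 CSPRNG draws shows no repeats, while the constructed biased batch has a most-frequent output covering 36% of samples.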

Scoring Rationale

Strong empirical findings on LLM password weakness; limited by single-source reporting and non-peer-reviewed analysis overall.
