this post was submitted on 18 Feb 2026
52 points (100.0% liked)

Chapotraphouse

14280 readers
786 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Slop posts go in c/slop. Don't post low-hanging fruit here.

founded 5 years ago
MODERATORS
LENINSGHOSTFACEKILLA@hexbear.net
corgiwithalaptop@hexbear.net
a_little_red_rat@hexbear.net
khizuo@hexbear.net
thelastaxolotl@hexbear.net
CoolerOpposide@hexbear.net
52
LLM-generated passwords 'fundamentally weak,' experts say (www.theregister.com)
submitted 2 days ago by fox@hexbear.net to c/chapotraphouse@hexbear.net
26 comments fedilink hide all child comments
 

The way LLMs work is by approaching the most "average" response given any particular input. It's why everything written by an LLM looks similar and always has the same voice.

Anyways, shockingly, the Machine That Generates the Average Output is bad at unique passwords.

Of the 50 returned, only 30 were unique (20 duplicates, 18 of which were the exact same string), and the vast majority started and ended with the same characters.

Imagine that an LLM tries to fit its outputs into a bell curve of potential responses, with each character in the output aimed to be as close to the middle as feasible (with a small randomization factor so it's not always the exact same). A good password's bell curve ought to be a completely flat graph where any character is just as likely to be chosen as any other character.

Use a password manager.

all 27 comments
sorted by: hot top controversial new old
[–] ZeroHora@lemmy.ml 28 points 2 days ago (1 children)

Who is this person that ask gpt to generate a random password?

[–] rattlethatlock42@hexbear.net 31 points 2 days ago (1 children)

People ask AI for passwords? Bloody hell.

[–] Evilphd666@hexbear.net 11 points 1 day ago (1 children)

monke-beepboop Here I am blindly smashing buttons until it passes the requirements.

[–] chgxvjh@hexbear.net 7 points 1 day ago

For 10 years my paypal password was sliding my finger over parts of 3 rows of the keyboard. I think I've changed it.

[–] aanes_appreciator@hexbear.net 11 points 1 day ago

WHY ARE WE USING LLMS TO GENERATE RANDOM STRINGS WHEN WE HAVE CIRCUITS BARELY ATOMS THICK DESIGNED BY PHYSICISTS TO DO THAT SHIT A BILLION TIMES FASTER?!! STOP IT. STOP.

[–] D61@hexbear.net 18 points 1 day ago

monke-beepboop me using an LLM genAI agent to ask other LLM genAI agents what user names and their passwords they were asked to make

anakin-padme-2 this can't possible work, right?

[–] Meltyheartlove@hexbear.net 12 points 1 day ago

chappi I forgot my password helppp doggirl-tears 🤖 hunter 12345678 password

[–] QuillcrestFalconer@hexbear.net 12 points 2 days ago

Using AI to substitute a rand() call

[–] InevitableSwing@hexbear.net 10 points 2 days ago

Can I trust you to give me accurate legal advice, medical advice, tax advice plus be in a relationship with me plus give me strong passwords because you are smart and clever? Or are you a soulless plagiarism machine that can't be trusted and my relationship to you is corrupting my already deluded mind?

Thanks for the gold kind stranger.

Oh! I forgot! You're smart and clever and funny!

I am.

I love you, Moloch2.

I love you too, Password123!

[–] RaspberryTuba@hexbear.net 10 points 2 days ago* (last edited 1 day ago) (1 children)

Claude code at least will call tooling to generate a random hash. Otherwise…

[–] fox@hexbear.net 1 points 1 day ago (1 children)

Yeah, it definitely says it does

[–] RaspberryTuba@hexbear.net 3 points 1 day ago* (last edited 1 day ago)

It generates a prompt asking to run the hash generation on your system using standard tools for it. They’re not all equal, not even when it’s the same LLM in another context.

EG - Opus 4.6 is one of the ones repeatedly generating trash in the article, while it’s currently the top of the line LLM for Claude code and it’ll properly generate a password in that.

[–] miz@hexbear.net 9 points 2 days ago

not-built-for-this

[–] ClathrateG@hexbear.net 9 points 2 days ago (2 children)

Use a password manager.

Yes but also be aware of https://www.theregister.com/2026/02/16/password_managers/

[–] bobs_guns@lemmygrad.ml 10 points 1 day ago (1 children)

Can't believe these were marketed as zero knowledge. If a server knows the ciphertext or even the size of the ciphertext that is not zero knowledge, by definition.

[–] Collatz_problem@hexbear.net 10 points 2 days ago (1 children)

My password manager is a piece of paper hidden in one of my books.

[–] WokePalpatine@hexbear.net 7 points 2 days ago (1 children)

The more digitally-dependant society becomes, the more analog methods become secure. Like, most old people in the imperial core are getting defrauded online, not because they have a notebook by the computer with their passwords written down.

[–] Belly_Beanis@hexbear.net 11 points 2 days ago (3 children)

I never understood the logic about not writing down passwords in your own home. If somebody can steal my passwords, I have a far more serious problem.

[–] ChaosMaterialist@hexbear.net 5 points 1 day ago

It's the kind of advice against a post-it note on your monitor (especially in a shared place like an office) but often gets over applied to all paper backups. I keep backup access to my password manager in a paper envelope with other important documents just in case.

[–] chgxvjh@hexbear.net 5 points 1 day ago

Just don't put it up on the pinwall in front of your webcam.

[–] Damarcusart@hexbear.net 2 points 1 day ago* (last edited 1 day ago)

My handwriting looks like a very drunk chimpanzee's. I can barely tell what I wrote an hour after I wrote it, let alone 6 months later when I'm trying to work out a password.

[–] segfault11@hexbear.net 7 points 2 days ago (1 children)

but it told me hunter2 was the most secure password possible…

[–] BobDole@hexbear.net 10 points 1 day ago

but it told me ******* was the most secure password possible…

I don’t get it

[–] Llituro@hexbear.net 6 points 2 days ago

my passwords are misspelled literary references. ChatGPT will not find me