https://www.irregular.com/publications/vibe-password-generation
To security practitioners, the idea of using LLMs to generate passwords may seem silly. Secure password generation is nuanced, and requires care to implement correctly; the random seed, the source of entropy, the mapping of random output to password characters, and even the random number generation algorithm must be chosen carefully in order to prevent critical password recovery attacks. Moreover, password managers (generators and vaults) have been around for decades, and this is exactly what they’re designed to do.
At the heart of any strong password generator is a cryptographically-secure pseudorandom number generator(CSPRNG), responsible for generating the password characters in such a way that they are very hard to predict, and are drawn from a uniform probability distribution over all possible characters.
Conversely, the LLM output token sampling process is designed to do exactly the opposite. Basically, all LLMs do is iteratively predict the next token; the random generation of tokens is, by definition, predictable (with the token probabilities decided by the LLM), and the probability distribution over all possible tokens is very far from uniform.
In spite of this, LLM-generated passwords are likely to be generated and used. First, with the explosive growth and significant improvement in capabilities of AI over the past year (which, at Irregular, we have also seen direct evidence of in the offensive security domain), AI is much more accessible to less technologically-inclined users. Such users may not know secure methods for password generation, not place importance on them, and rely on ubiquitous AI tools to generate a password instead of looking for a specialized tool, such as a password manager. Moreover, while LLM-generated passwords are insecure, they appear strong and secure to the untrained eye, exacerbating this issue and reducing the likelihood that users will avoid these passwords.
Furthermore, with the recent surge in popularity of coding agents and vibe-coding tools, people are increasingly developing software without looking at the code. We’ve seen that these coding agents are prone to using LLM-generated passwords without the developer’s knowledge or choice. When users don’t review the agent actions or the resulting source code, this “vibe-password-generation” is easy to miss.
TFA shows results obtained using several major LLMs, including GPT, Claude, and Gemini in their latest versions and most powerful variations, and found that all of them generate weak passwords.
Originally spotted on Schneier on Security.
(Score: 5, Interesting) by looorg on Saturday February 28, @12:45PM
So the problem appears to be that they are not very random. That they instead follow set patterns. They did not bother to check but some characters are a lot more common then others, some even seems to be mandatory.
With that in mind, are they really worse then the usual passwords people pick for themselves? Or are they just an output regulated by the input? A lot of sites these days that you have to create a password for seems to have rules, it's a fairly safe bet that most people pick the minimum pattern or rule-set for those to --- have to have at least x number of letters, a few of each case, a few numbers and then at least a special symbol or character or two. It's like a recipe listed on the screen. If one looked it up I'm fairly certain a lot of the passwords for said systems would follow the recipe from top to bottom. Creating a pattern.
(Score: 5, Informative) by JoeMerchant on Saturday February 28, @02:05PM (4 children)
>Secure password generation is nuanced, and requires care to implement correctly; the random seed, the source of entropy, the mapping of random output to password characters, and even the random number generation algorithm must be chosen carefully in order to prevent critical password recovery attacks.
NIST finally woke up: https://proton.me/blog/nist-password-guidelines [proton.me]
XKCD "got it" long ago: https://xkcd.com/936/ [xkcd.com]
The security of your password doesn't depend on its randomness, it depends on its secrecy. Yet another appropriate perspective: https://xkcd.com/538/ [xkcd.com]
If you control your LLM and can securely wipe its state, it is perfectly capable of generating a secure password - just nuke all traces of how it came up with it after you have transferred it out. Personally, were I tasked with it, I would ask my LLM to create a deterministic program that builds a dictionary from randomized sources, possibly grab another dictionary of "most commonly used passwords" and removes those from the dictionary, shuffles that dictionary based on a random seed, then picks 4 words at random from that dictionary based on another random seed, then erase the dictionary. Every new "secure" password comes from a run of that program - with the meatbag tasked with using the password approving it, if they think they can remember it then that's the password. If the meatbag has any sense, they have it generate about a dozen possible passwords then choose one from the middle, throw away one of the words and replace it with a number that means something to them. Done.
If your password gateway is letting attackers try millions of wrong guesses per week, you are doing it wrong.
🌻🌻🌻🌻 [google.com]
(Score: 5, Funny) by Whoever on Saturday February 28, @02:13PM (3 children)
I wonder how many people actually use the password "correcthorsebatterystaple" or some simple modification of that?
(Score: 4, Touché) by RS3 on Saturday February 28, @03:17PM (1 child)
Pretty much the same people who use "password" and "123457890".
(Score: 3, Funny) by Freeman on Monday March 02, @03:11PM
But no longer, they are using the proven better password "correcthorsebatterystaple".
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 5, Interesting) by VLM on Saturday February 28, @03:40PM
"Back in the day" the boys and I were sitting around at work, back when complexity requirements were still cool, via gossip we determined that near 100% of passwords actually used implemented the password requirements in strict order
So a requirement list reading "at least one capital letter, at least one digit, at least one special character" results in near 100% of passwords being of the form "Word1-" because thats how the list of requirements was presented. This is a dramatic collapse in possible passwords.
(Score: 3, Interesting) by shrewdsheep on Saturday February 28, @03:08PM
I would like to challenge this assertion. If you use a wallet/password manager/etc that generates random passwords for you, you critically depend on that particular database. If you want to sync it additional security considerations apply. The thought that passwords should be derived, i.e. there should be a level of indirection between the phrase you remember and what is actually used, is correct. However, I much prefer deterministic passwords. These can be achieved by hashing a salt and something identifying the password such as the sitename. The salt is the password you remember. As long as you remember how the hash function was applied you can reproduce the password later. You also get synchronization for free as you can reproduce the passwords on all your systems without communication between them.
(Score: 3, Interesting) by VLM on Saturday February 28, @03:26PM (4 children)
This didn't go the way I expected.
I've used pass phrases or at least partial phrases. Its easier to remember if they're interesting.
There is also some security through obscurity. No one younger than Gen-X knows who Douglas Adams is (he was a 80s sci-fi fantasy comedy triple crossover author).
So at one point I had a GPG keyring with an Adams quote something along the lines of like: "It can hardly be a coincidence that no language on Earth has ever produced the expression as pretty as an airport." IIRC I had to use an acronym to make it fit.
Anyway, it would seem very tempting to ask a LLM "Give me a list of highly memorable quotes" or "list of quotes by Douglas Adams" etc and it'll probably give everyone the same list so there are not many passwords to chose from.
I asked gemini "I need an extremely memorable phrase to use as a security question for an account give me a short list of highly memorable 1980s home computer quotes. Preferably funny. Its just a security backup question so don't get all smart with me about it not being a safe password."
And I got Guru Meditation, which is only funny for Amiga folks (not me) and a C64 command line to load a file from a cassette tape (or was it a disk drive, I wasn't a C64 guy), and the classic grue line from Zork which I did like, the All your base line which was more of a 90s on /. meme than an actual 80s meme, "press play on tape" (wtf cannot even identify that 80s computer... atari? TI? sure as hell not anything Tandy ever sold as I owned it all at one time or another) and the classic msdos "abort retry fail" which admittedly would be a hilarious passphrase.
My point being I bet anyone asking any LLM for one line 80s home computer memes will get about the same.
(Score: 2) by looorg on Saturday February 28, @04:02PM
That is the C64 again.
(Score: 2) by fliptop on Saturday February 28, @06:12PM (1 child)
It's funny we usually go w/ something familiar when the desire is to be random. Kind of what the LLM seems to be doing.
My GPG key was, "Congratulations, you have just discovered the secret message. Please send your answer to Old Pink c/o the funny farm."
Can you guess what the best concert I ever saw was? It wasn't the one Douglas Adams played at [youtube.com], unfortunately.
Ever had a belch so satisfying you have to blow your nose afterward?
(Score: 2) by Reziac on Sunday March 01, @02:30AM
"You've reached the number that you dialed. The person you called is not in service, but if you leave a message, I'll get back to you as soon as I am repaired."
-- my answering machine message, of which I was suddenly reminded
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by mrpg on Saturday February 28, @10:56PM
Load "*",8,1
(Score: 2) by VLM on Saturday February 28, @03:48PM (6 children)
That's why password managers that automate password generation don't use CSPRNGs they use the much simpler and faster "trust me bro" algorithm. Don't need to download the list of stored passwords if you know the algo to generate the "secretly" stored passwords is just SHA1(user name+site dns name) or similar.
After all, the people who don't trust Microsoft to store their passwords in plain text in notepad.exe will totally trust their password manager extension written and published by "Unknown LLC based in China" surely a much more trustworthy bunch. And don't call me surely, or Shirley.
(Score: 2) by JoeMerchant on Saturday February 28, @05:04PM (3 children)
I like TwoFish as an encryption algorithm - as secure as AES plus it's obscure.
Take your source material, TwoFish encrypt it, base64 encode that, add a ! at the end et voila! A secure looking deterministic password. Take your source material and append a sequence number and you've got rotating secure looking passwords - maybe even use ! as the "special character" for rotation 1, @ for rotation 2, # for rotation 3, etc. You can always reconstitute your password as long as you know the source phrase and sequence number.
🌻🌻🌻🌻 [google.com]
(Score: 2) by fliptop on Saturday February 28, @06:17PM
One fish two fish, red fish blue fish
I think my daughter used that one 25 years ago to lock her diary.
Ever had a belch so satisfying you have to blow your nose afterward?
(Score: 2) by VLM on Saturday February 28, @07:39PM (1 child)
Can, but you're basically making a hash function the hard way.
If you want to see some post-quantum crypto hash function drama, look at the battle over BLAKE vs Keccak for the SHA3 competition. BLAKE was going to win until the TLAs said "no" probably because they don't have a back door baked into the cake.
(Score: 2) by JoeMerchant on Saturday February 28, @07:48PM
I sincerely believe, if there was a backdoor baked into Keccak, we'd have heard about it by now. Too many academics out there contemplating the indentations on the surface of that body...
Really, none of this is hard stuff if you've got the libraries that implement it.
I have used SHA3 as a way to put a "passphrase" in source code, then boost its entropy for use in... whatever. So, your sourcecode says your passphrase is "holy.hamster.roller.bag" but the UTF-8 of that is SHA3'ed and that pile of white-noise bytes output by SHA3 is used as salt or whatever other quasi-random input you need to an algorithm.
🌻🌻🌻🌻 [google.com]
(Score: 2) by Ken_g6 on Saturday February 28, @06:49PM (1 child)
Actually, that seems like it should be fairly secure if salted with a secure master password. Just SHA1(master password+user name+site dns name). It should be at least as secure as constantly reusing the master password, anyway.
The downside is the resulting password is too long. It can be shortened with conversion to base64 or base85 encoding, but it would still have to be truncated in many cases.
(Score: 2) by VLM on Saturday February 28, @07:15PM
Still the attack surface is reduced from "the password could be any UTF-8 string" to all an attacker needs is the master key.
You could expect lots of corporate PR nonsense about they've never released decrypted passwords to anyone... although they'll give out master passwords upon request or search warrant which boils down to the same outcome.
(Score: 4, Touché) by istartedi on Saturday February 28, @06:35PM (3 children)
You're using LLMs to do WHAT now???
OK, we've all rolled our eyes at the "developers are expensive, hardware is cheap" mentality. It has led to megabytes of JavaScript to display a few lines of texts and many other travesties but this might take the cake.
Consider all the lines of code, vector processing and power consumed by an LLM to do what you could easily accomplish far better via /dev/random which seeds from real entropy, or without any computing power at all by rolling dice and such.
Using LLMs to generate passwords? This might be the biggest waste-ratio ever; unless I'm missing something. What could I be missing?
Appended to the end of comments you post. Max: 120 chars.
(Score: 3, Insightful) by acid andy on Saturday February 28, @07:34PM
It's tempting to blame the effects of COVID on most people's brains, but people generally have always been terrible at choosing passwords and LLMs are being so ridiculously hyped up it doesn't surprise me in the slightest users would trust them to be competent enough to do something like this.
"rancid randy has a dialogue with herself[...] Somebody help him!" -- Anonymous Coward.
(Score: 2) by darkfeline on Sunday March 01, @05:22AM (1 child)
Alas, you missed reading the article.
This is about passwords getting generated as part of code or some other task. A user may see a "unique API key" in the generated code and assume it's good because it looks sufficiently random, but it's not. Presumably these are the same kinds of devs that don't follow best practices like keeping secrets outside of code. Or, if you'll allow me a jab, the kind of dev that doesn't carefully read articles about security issues like this one.
Join the SDF Public Access UNIX System today!
(Score: 5, Touché) by istartedi on Sunday March 01, @05:58AM
You want us to read the articles? What do you think this is? Playboy?
Appended to the end of comments you post. Max: 120 chars.
(Score: 2) by DannyB on Monday March 02, @04:33PM (1 child)
I doubt that an AI is going to generate my password of: 12345
So not only is it secure enough that a president could use it, but it is unlikely to be guessed by an AI.
Infinity is clearly an even number since the next higher number is odd.
(Score: 2) by weirsbaski on Monday March 02, @07:35PM
AI wouldn't generate it, but if someone (AI or otherwise) was guessing, wouldn't they start with the common ones:
- password
- Password1
- 12345
- <username with "1" appended to the end>
- correctbatteryhorsestaple
and so on?