LLMs are centrist randomness: not useful for anything that requires truth but neither for password generation

https://www.theregister.com/2026/02/18/generating_passwords_with_llms/

@eloy Yeah, I'd almost expect it to behave like this: get_random_password() { return "password123"; /* Good enough for most people */ }

@eloy In fact reminds me that one of them (copilot?) could complete with leaked keys if you'd enter say aws_token = " and let it complete.

@eloy "Knowing the patterns also reveals how many times LLMs are used to create passwords in open source projects. The researchers showed that by searching common character sequences across GitHub and the wider web, queries return test code, setup instructions, technical documentation, and more."

XDDDDD

@eloy people actually use LLMs for password generation? why?

@noisytoot not that surprising considering people tend to use LLMs to brute force themselves through all kinds of problems

@eloy real "i used the string predictor to predict a string and it turned out to be predictable" hours