{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreif7c7so5ijlhyelknqck33ldunmvahp72mykoobon4hlcpzpbfhma",
    "uri": "at://did:plc:kyxdufbi5qaljy7bxivztuhy/app.bsky.feed.post/3mfs6iq52uq22"
  },
  "path": "/blog/archives/2026/02/llms-generate-predictable-passwords.html",
  "publishedAt": "2026-02-26T12:07:10.000Z",
  "site": "https://www.schneier.com",
  "tags": [
    "Uncategorized",
    "AI",
    "LLM",
    "passwords",
    "random numbers",
    "reports",
    "bad"
  ],
  "textContent": "LLMs are bad at generating passwords:\n\n> There are strong noticeable patterns among these 50 passwords that can be seen easily:\n>\n>   * All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7.\n>   * Character choices are highly uneven ­ for example, L , 9, m, 2, $ and # appeared in all 50 passwords, but 5 and @ only appeared in one password each, and most of the letters in the alphabet never appeared at all.\n>   * There are no repeating characters within any password. Probabilistically, this would be very unlikely if the passwords were truly random ­ but Claude preferred to avoid repeating characters, possibly because it “looks like it’s less random”. ...\n>\n",
  "title": "LLMs Generate Predictable Passwords"
}