Need? You don't. "Want" because you're already too lazy to read and write for yourself? Yeah, I can see that.

> Why do you need an LLM ... ?

Could have stopped with that. /s

Because AI.

To get the most popular passwords, duh. These things are trained on lots of passwords, so they know which ones are the best guesses for autocompletion.

Because we both know that someone somewhere is absolutely doing it already. And perhaps the responsible thing is to point out the problem and hope LLM providers might prepare a canned response for the future.

Because people are already offloading too much of their thinking to LLMs?

Which could be seen as evidence that it isn't a bubble, but I'm not making an argument about that.

Tragically common to use a LLM to solve problems that existing simple solutions already solve. It's the tech equivalent of "rolling coal" - creating waste and harm just because you can.

Because people don't know how things work, and treat the robots like oracles.

"But ChatGPT said..." is the new "I saw it on television, it must be true."

If you're not doing something like

< /dev/urandom tr -dc _A-A-a-z-0-9 | head -c30

or some tool that does something similar, you already have problems.

It's a byproduct of what happens with all technologies, the [1]Gartner Hype Cycle [wikipedia.org].

A new technology comes out. People immediately think it is the be-all, end-all solution to many things. People apply it to numerous things because they can .

Eventually, many of the things they claim the technology will do don't pan out. Then you head into the [2]Trough of disillusionment [wikipedia.org]. People begin to ask questions like "We can do this, but should we?" Many potential applications die off completely. The few that remain survive, and gradually grow into becoming a useful solution.

So yes, of course people used an LLM to generate passwords. Because they can. Doesn't mean they should, but we're not quite at the "should" stage of LLM applications yet.

And for the bubble talk, yes AI is a bubble. The reason it's a debate is because we talk about bubbles in binary terms, but when you look at it with the Gartner Hype Cycle, you'll see that it's not yet ready to fall, but applications like password generation and quite a few others show that it will. It won't collapse completely, because there are good applications of LLM AI; it will climb out of the trough and find valuable, useful tools. The debate about whether it's a bubble or not is irrelevant, what we should be discussing is when a contraction will happen (and it will), what it will look like when done.

[1] https://en.wikipedia.org/wiki/Gartner_hype_cycle

[2] https://en.wikipedia.org/wiki/Gartner_hype_cycle#:~:text=3.-,Trough%20of%20disillusionment,-Interest%20wanes%20as

> ... a simple random number generator is guaranteed to do a better job of it?

Show me how that works. Then, would you expect a normal person to be aware of how to do that?

If it's not obvious, direct use of an RNG does not produce a usable password. The result of this isn't directly usable in most situations: dd if=/dev/random of=test_password bs=32 count=1

It wouldn't surprise me if a lot of people go to google to look for a password generator, or how to make a strong password, and wind up copy/pasting from some website. If they're already using an LLM regularly, that's probably wher

Because so many people assume LLM is superseding *everything*, and need explicit reminders that not only is the 'old' way so much more efficient and simple, it's even more effective than what an LLM would do.

I wounder what happens if you run local modes and turn the temperature way way up. Of course if you make the LLM 'drunk' enough to give truly random answers you could just grab a few bytes from /dev/urandom all by your self.

That was my initial thought as well, until I remembered they do contain RNGs in their fundamental logic - that's referred to as the [1]temperature [ibm.com].

They found introducing an element of randomness into them made them seem more "realistic". Although clearly there are only so many alternate pathways they can take even with randomness involved.

[1] https://www.ibm.com/think/topics/llm-temperature

Was it when you lived in Springfield?

Years ago I knew a computer columnist and SF author, now deceased. Among other things, I did some house sitting for him. His WiFi password was quite similar to ThisIsAVeryVeryLongPassword because he figured that it was too long for the average hacker/cracker to break. Now, of course, he'd have to make it even longer.

Yeah, a sentence or a phrase. Are spaces allowed, or should we either use "_" or capitalizations as separators? My only problem is that a lot of services/sites have a limit on how long a password can be, and some of the more retarded ones don't allow certain special characters, such as "$". It would be nice if there was a universal convention of requiring anything from 10-30 characters (say), and spelling out which special characters are, or aren't allowed

There was also the rather peculiar thing that happened with the numbers from the show Lost.

If multiple people hit the Powerball jackpot, it is divided among the winners. They don't all get the jackpot amount so that would not bankrupt the system.

That being said, other prizes have specific cash denominations. And, others are multiplied by a PowerPlay multiplier by 1-5x (and, occasionally, 10x).

Still, it would take thousands if not millions of such winners to financially hurt the company.

And, I suspect there are rules that would trigger a fraud alert and render the drawing invalid.

In January 1995, the £16.3 million jackpot for the UK lottery was won by 133 tickets. Lots of winning tickets are already a thing.

You're working the wrong end of the problem. The wrong 16 character password can be cracked rather easily.