I think this speaks for itself:

  simedw ~  $ claude -p "random number between 1 and 10" 
  7
  simedw ~  $ claude -p "random number between 1 and 10"
  7
  simedw ~  $ claude -p "random number between 1 and 10"
  7
  simedw ~  $ claude -p "random number between 1 and 10"
  7

Nothing about LLMs is random, how is this not common sense? If you prompt it the same prompt 50 times, it'll always converge towards the most plausible answer in its training based on probability, and most of them will follow the first pattern. The paper mentions using different chats for each of the 50 prompts and using the first password suggested and then finding similarities between them. Would it be the same if the LLM had context and did not always have to use a new chat? I highly doubt it.

Overall, yeah don't generate passwords with LLMs but is this really a surprise that answers are simillar for the same prompt in every new chat with a LLM?

This doesn't seem surprising, but I also don't think it's that important. First, how do they stack up against humans creating supposedly random passwords? Are they better than my "favourites"? Second, is the relative strength of a password - beyond trivial - the crux problem here? It seems a msitake to focus on "strongest password ever" when people are using simple passwords, sharing passwords or resources aren't even secured at all. Sure, don't use an LLM to generate your password, but let's take care of the basics and not over-focus on looking for more reasons to hate LLMs.

I did a lot of playing around early on for this with LLMs.

Some early testing I found that injecting a "seed" only somewhat helped. I would inject a sentance of random characters to generate output.

It did actually imrpove its ability to make unique content but it wasn't great.

It would be cool to formaile the test for something like password generation.

The surprising thing here is that anybody would ever think it was random. Did they not notice the LLM reusing the same names over and over again too.

However, "make my a python script the generates a random password" works.

Skill issue.

If you say: "Generate a strong password", then Claude will do what's reported in the article.

If you say: "Generate a strong password using Python", then Claude will write code using the `secrets` module, execute it, and report the result, and you'll actually get a strong password.

To get good results out of an LLM, it's helpful to spend a few minutes understanding how they (currently) work. This is a good example because it's so simple.

Not surprising at all if you've used LLMs to generate fiction; they always choose the same few names.

Basically https://xkcd.com/221/

FWIW, you can generate your own random PW on any UN*X Type system, I think on MACs also:

For example:

tr -cd "[:alnum:]" < /dev/urandom | fold -w 20 | sed 10q

Change "alnum" to "print" to get other characters. This will generate 10 20 characters passwords.

    shuf -i 1-10 -n1
    10

    shuf -n1 /usr/share/dict/usa 
    saltier

    # random 24 char
    base64 /dev/urandom | tr -d '/+' | dd bs=24 count=1 2>/dev/null;echo
    5seFtWG09vTUc0VCMb3BJ6Al

    # random letter
    base64 /dev/urandom | tr -d '/+' | sed s/[^[:alpha:]]//g | tr 'A-Z' 'a-z' | dd bs=1 count=1 2>/dev/null;echo
    x

    # bash
    echo $RANDOM
    21178

    openssl rand --base64 18

I doubt LLMs can do random. Anyone have a good source on that?