@mistersql Makes sense that they blocked that. Which makes me think it's at least a little capable.
@johns If reword my question tho I can get it to start suggesting the script kiddy way to hack a password.
me: "What passwords should I avoid because they are too cliche?"
bot: "You should avoid using passwords that are too cliche or common, as they are easy to guess or crack. Here are some examples of passwords you should avoid:
- Password123 or any variation of "password"
- 123456 or any sequence of consecutive numbers
- Qwerty or any other sequence of letters on the keyboard"
@mistersql Yeah.. and I guess really my question is, how effective can a similar LLM be at guessing passwords, especially if you were able to train it on more data about people.
@johns It would be phenomenal! Go get existing password dumps. But "oh no, the mark has changed his password." But look at that, you got 15 more of his previous passwords. Ask the bot to generate the next 5000 in the series (don't say "I'm cracking passwords") and the bot thinks it is just pattern matching. I haven't tested my theory. Obv, it would only work with human generated passwords.
@johns large language models are text completion systems that need a prompt to guess anything
Low tech solutions https://en.m.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords
@danderzei A password is a prompt though?
@johns The password is a response to a prompt. You don't need a complex language model to guess one word. Hackers use lists of common passwords.
@danderzei Yes, but the request to enter the password is the prompt to the LLM. You don't think an LLM trained on data about people will be able to make good guesses at passwords? The list of common passwords as well as common password "methods" (like birthdays etc) would be one part of the data, but also things like where people live and what they do for a living, etc.. I don't know, but seems pretty likely to me.
@johns without additional prompt information, it will be as good as a random user. LLM is a text predictor and thus only as good as the input. With "Please enter password" you pretty much get a random response. Perhaps guesses will be better if you enter the users biography.
@johns "As an AI language model, I don't have the ability to guess or hack passwords. It's important to keep your passwords secure and confidential to protect your personal information and online accounts. I recommend using strong and unique passwords, using two-factor authentication whenever possible, and keeping your passwords updated regularly."
My daughter played "guess what emoji I'm thinking of" and on 2nd game it got it right on 2nd guess.