How Good LLM-Generated Password Policies Are?
Vivek Vaidya, Aditya Patwardhan, Ashish Kundu

TL;DR
This paper evaluates the reliability of Large Language Models in generating password policies for cybersecurity, highlighting their current limitations in consistency and accuracy.
Contribution
It systematically assesses LLMs' ability to produce accurate, consistent password policy configurations from natural language prompts and documentation.
Findings
LLMs show significant inconsistency in password policy generation.
Using official documentation improves LLM accuracy.
Current LLMs face challenges in security-critical configuration tasks.
Abstract
Generative AI technologies, particularly Large Language Models (LLMs), are rapidly being adopted across industry, academia, and government sectors, owing to their remarkable capabilities in natural language processing. However, despite their strengths, the inconsistency and unpredictability of LLM outputs present substantial challenges, especially in security-critical domains such as access control. One critical issue that emerges prominently is the consistency of LLM-generated responses, which is paramount for ensuring secure and reliable operations. In this paper, we study the application of LLMs within the context of Cybersecurity Access Control Systems. Specifically, we investigate the consistency and accuracy of LLM-generated password policies, translating natural language prompts into executable pwquality.conf configuration files. Our experimental methodology adopts two…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · User Authentication and Security Systems · Access Control and Trust
