AI Password Cracking in 2025: What Large Language Models Changed
AI-assisted password cracking is not about brute force anymore โ it is about pattern prediction. Here is what PassGAN, PersonGAN, and LLM-assisted attacks actually do.
What changed with AI-assisted cracking
Traditional brute-force and dictionary attacks have fixed guessing orders. AI models trained on leaked password databases learn the statistical distribution of how humans actually create passwords โ and exploit that predictability.
PassGAN, trained on RockYou and similar breaches, generates plausible guesses at a rate that outperforms traditional tools on human-created passwords.
What AI cannot crack
Cryptographically random passwords resist AI-assisted attacks because there is no pattern to learn. A 20-character random string using the full printable ASCII character set has ~131 bits of entropy. No AI or hardware combination can crack this within any useful timeframe.
The practical implication for password hygiene
The gap between "human-created" and "machine-generated" passwords has widened. If you are creating passwords yourself โ even with substitutions and appended numbers โ you are more vulnerable than you think.
The defence is simple: use a generator that produces genuinely random output, not one that uses word-based templates.
