How Good LLM-Generated Password Policies Are?

How Good LLM-Generated Password Policies Are? Abstract --Generative AI technologies, particularly Large Language Models (LLMs), are rapidly being adopted across industry, academia, and government sectors, owing to their remarkable capabilities in natural language processing. One critical issue that emerges prominently is the consistency of LLM-generated responses, which is paramount for ensuring secure and reliable operations. In this paper, we study the application of LLMs within the context of Cybersecurity Access Control Systems. Specifically, we investigate the consistency and accuracy of LLM-generated password policies, translating natural language prompts into executable pwquality.conf Our experimental methodology adopts two distinct approaches: firstly, we utilize pre-trained LLMs to generate configuration files purely from natural language prompts without additional guidance. Secondly, we provide these models with official pwquality.conf Our findings underscore significant challenges in the current generation of LLMs and contribute valuable insights into refining the deployment of LLMs in Access Control Systems. Access control systems--including robust password policy enforcement--are fundamental to cybersecurity, ensuring that sensitive resources remain accessible only to authorized users. Traditionally, Linux systems have relied on password authentication modules (P AM) and associated files such as pwquality.conf Large language models (LLMs) such as ChatGPT [18], Gemini [27], have been studied in the context of automation of cybersecurity tasks and operations. In this paper, we are studying the problem of how good the LLMgenerated password policies for Linux are especially for Linux P AM? Recent advances in Large Language Models (LLMs) and AI agents offer promising opportunities to automate the generation of access control policies. In particular, using LLMs to translate text-based password policies into usable pwqual-ity.conf