📝 Original Info
- Title: 비밀번호 강도 평가와 생성을 위한 SODA ADVANCE: 대형 언어 모델의 역할
- ArXiv ID: 2511.16716
- Date: 2025-11-24
- Authors: Researchers from original ArXiv paper
📝 Abstract
Although passwords remain the primary defense against unauthorized access, users often tend to use passwords that are easy to remember. This behavior significantly increases security risks, also due to the fact that traditional password strength evaluation methods are often inadequate. In this discussion paper, we present SODA ADVANCE, a data reconstruction tool also designed to enhance evaluation processes related to the password strength. In particular, SODA ADVANCE integrates a specialized module aimed at evaluating password strength by leveraging publicly available data from multiple sources, including social media platforms. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Experimental assessments conducted with 100 real users demonstrate that LLMs can generate strong and personalized passwords possibly defined according to user profiles. Additionally, LLMs were shown to be effective in evaluating passwords, especially when they can take into account user profile data.
💡 Deep Analysis
Deep Dive into 비밀번호 강도 평가와 생성을 위한 SODA ADVANCE: 대형 언어 모델의 역할.
Although passwords remain the primary defense against unauthorized access, users often tend to use passwords that are easy to remember. This behavior significantly increases security risks, also due to the fact that traditional password strength evaluation methods are often inadequate. In this discussion paper, we present SODA ADVANCE, a data reconstruction tool also designed to enhance evaluation processes related to the password strength. In particular, SODA ADVANCE integrates a specialized module aimed at evaluating password strength by leveraging publicly available data from multiple sources, including social media platforms. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Experimental assessments conducted with 100 real users demonstrate that LLMs can generate strong and personalized passwords possibly defined according to user profiles. Additionally, LLMs were shown to
📄 Full Content
PASSWORD STRENGTH ANALYSIS THROUGH SOCIAL NETWORK
DATA EXPOSURE: A COMBINED APPROACH RELYING ON DATA
RECONSTRUCTION AND GENERATIVE MODELS
Maurizio Atzori
Department of Mathematics and Computer Science
University of Cagliari
Via Ospedale, 72, 09124, Cagliari (CA), Italy
matzori@unica.it
Eleonora Calò
Department of Computer Science
University of Salerno
Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy
ecalo@unisa.it
Loredana Caruccio
Department of Computer Science
University of Salerno
Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy
lcaruccio@unisa.it
Stefano Cirillo
Department of Computer Science
University of Salerno
Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy
scirillo@unisa.it
Giuseppe Polese
Department of Computer Science
University of Salerno
Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy
gpolese@unisa.it
Giandomenico Solimando
Department of Computer Science
University of Salerno
Via Giovanni Paolo II, 132, 84084 Fisciano (SA), Italy
gsolimando@unisa.it
November 24, 2025
ABSTRACT
Although passwords remain the primary defense against unauthorized access, users often tend to
use passwords that are easy to remember. This behavior significantly increases security risks, also
due to the fact that traditional password strength evaluation methods are often inadequate. In this
discussion paper, we present SODA ADVANCE, a data reconstruction tool also designed to enhance
evaluation processes related to the password strength. In particular, SODA ADVANCE integrates a
specialized module aimed at evaluating password strength by leveraging publicly available data
from multiple sources, including social media platforms. Moreover, we investigate the capabilities
and risks associated with emerging Large Language Models (LLMs) in evaluating and generating
passwords, respectively. Experimental assessments conducted with 100 real users demonstrate that
LLMs can generate strong and personalized passwords possibly defined according to user profiles.
Additionally, LLMs were shown to be effective in evaluating passwords, especially when they can
take into account user profile data.
Keywords Privacy−Preserving · Password−disclosure · Data wrapping · Data reconstruction · Social Network
1
Introduction
Traditional password strength assessments often fall short, as they focus on static syntax rules without considering
the semantic context of user choices. Indeed, users generally choose passwords by using keywords easy to remember.
This is a post-peer-review, pre-copyedit version to be published in the Prooceedings of the 33rd Symposium On Advanced
Database Systems (SEBD 2025). The final version will be available on CEUR-WS.org
arXiv:2511.16716v1 [cs.CR] 20 Nov 2025
A PREPRINT - NOVEMBER 24, 2025
EVALUATION
George Smith
DATE
EDUCATION
1/23/1994
University of California
5
5
5
a, A: @,4;
b, B: 3, 8;
...
i, I: 1, |;
...
z,Z: 2, %;
CUPP: 1
LEET: 0.33
COVERAGE: 0.67
FORCE: 0.47
...
1
WEIGHT
...
OrangeSystem23
GeorgeCali1023
Orange123
GeorgeOrange
...
SystemOrange
Orange123
Orange123
Orange123
INPUT PASSWORD
AGGREGATING
1
0.33
0.67
0.47
0.49
0
1
0
U=1?
YES
NO
CITY
Orange
NAME
1
4
Web
Crawler
4
3
Web
Scraper
2
PROFILE PHOTO
......
MERGING
Face
Recognition
1
3
3
3
PROFILE PHOTO
PROFILE PHOTO
USER PHOTO
George
SURNAME
Smith
NAME
...
...
Figure 1: Overview of the modules underlying SODA ADVANCE.
However, since much personal information is shared on social networks, attackers can exploit these details to infer user
passwords. Thus, through data reconstruction tools, it is possible to reconstruct information semantically related to a
context close to users [3]. In this landscape, Large Language Models (LLMs) emerge as both a asset for evaluating
password security and a potential threat in generating passwords. This discussion paper examines the privacy risks
associated with sharing personal data online and explores the capabilities of LLMs in password evaluation and
generation, as proposed in [1]. The latter presents SODA ADVANCE, an extension of the tool SODA [2], which includes
a new module for evaluating password strength based on information publicly available on social networks. This
module exploits some approaches such as CUPP [9], LEET [6], COVERAGE [7], and FORCE [5], and introduces a new
cumulative metric, namely Cumulative Password Strength (CPS). Furthermore, we present different pipelines, with aim
of investigating capabilities and threats associated to the generation and evaluation of passwords by using different
LLMs. The overall evaluation is driven by the following research questions (RQs):
RQ1: Can we rely on LLMs to suggest complex and easy-to-remember passwords based on publicly available
information on social networks?
RQ2: Can LLMs represent a valid tool to support users in evaluating the strength of passwords based on personal
information?
RQ3: How does the public availability of personal information across multiple social networks impact the capabilities
of LLMs to generate and evalua
…(Full text truncated)…
Reference
This content is AI-processed based on ArXiv data.