
Why doesn't it? If that password became public knowledge, then it certainly does exist in lists and tables. Its high entropy is only protective as long as it remains secret. This is why it's important to avoid common patterns, even if those patterns are a result of a random number generator.


Every password that becomes public knowledge ends up in credential stuffing lists, whether it matches your password policy or not.

"Common patterns" and "passwords that contain repeated characters" are not even remotely the same thing.


>Every password that becomes public knowledge ends up in credential stuffing lists, whether it matches your password policy or not.

That's right. And we don't want to produce passwords that are likely to be on those lists. A simple policy greatly reduces the chances of that happening. After a certain number of zeros, entropy is no longer a concern.

>"Common patterns" and "passwords that contain repeated characters" are not even remotely the same thing.

I've already addressed this.



