Pin Generation

Question

I am looking to develop a system in which i need to assign every user a unique pin code for security. The user will only enter this pin code as a means of identifying himself. T

Answer 1

The question should be, "how many guesses are necessary on average to find a valid PIN code, compared with how many guesses attackers are making?"

If you generate 100 000 5-digit codes, then obviously it takes 1 guess. This is unlikely to be good enough.

If you generate 100 000 n-digit codes, then it takes (n-5)^10 guesses. To work out whether this is good enough, you need to consider how your system responds to a wrong guess.

If an attacker (or, all attackers combined) can make 1000 guesses per second, then clearly n has to be pretty large to stop a determined attacker. If you permanently lock out their IP address after 3 incorrect guesses, then since a given attacker is unlikely to have access to more than, say, 1000 IP addresses, n=9 would be sufficient to thwart almost all attackers. Obviously if you will face distributed attacks, or attacks from a botnet, then 1000 IP addresses per attacker is no longer a safe assumption.

If in future you need to issue further codes (more than 100 000), then obviously you make it easier to guess a valid code. So it's probably worth spending some time now making sure of your future scaling needs before fixing on a size.

Given your scratch-card use case, if users are going to use the system for a long time, I would recommend allowing them (or forcing them) to "upgrade" their PIN code to a username and password of their choice after the first use of the system. Then you gain the usual advantages of username/password, without discarding the ease of first use of just typing the number off the card.

As for how to generate the number - presumably each one you generate you'll store, in which case I'd say generate them randomly and discard duplicates. If you generate them using any kind of algorithm, and someone figures out the algorithm, then they can figure out valid PIN codes. If you select an algorithm such that it's not possible for someone to figure out the algorithm, then that almost is a pseudo-random number generator (the other property of PRNGs being that they're evenly distributed, which helps here too since it makes it harder to guess codes), in which case you might as well just generate them randomly.

Answer 2

If you use random number generator algorithms, so you never have PIN like "00038384882" , starts with 0 (zeros), because integer numbers never begins with "0". your PIN must be started with 1-9 numbers except 0.

I have seen many PIN numbers include and begins many zeros, so you eliminate first million of numbers. Permutation need for calculations for how many numbers eliminated.

I think you need put 0-9 numbers in a hash, and get by randomly from hash, and make your string PIN number.

Answer 3

May I suggest an alternative approach? Take a look at Perfect Paper Passwords, and the derivatives it prompted .

You could use this "as is" to generate one-time PINs, or simply to generate a single PIN per user.

Bear in mind, too, that duplicate PINs are not of themselves an issue: any attack would then simply have to try multiple user-ids.

(Mileage warning: I am definitely not a security expert.)

---

Here's a second answer: from re-reading, I assume you don't want a user-id as such - you're just validating a set of issued scratch cards. I also assume you don't want to use alphabetic PINs.

You need to choose a PIN length such that the probability of guessing a valid PIN is less than 1/(The number of attempts you can protect against). So, for example, if you have 1 million valid PINs, and you want to protect against 10000 guesses, you'll need a 10-digit PIN.

If you use John Graham-Cumming's version of the Perfect Paper Passwords system, you can:

1. Configure this for (say) 10-digit decimal pins
2. Choose a secret IV/key phrase
3. Generate (say) the first million passwords(/PINs)

I suspect this is a generic procedure that could, for example, be used to generate 25-alphanumeric product ids, too.

Sorry for doing it by successive approximation; I hope that comes a bit nearer to what you're looking for.

Answer 4

4 random digits should be plenty if you append it to unique known userid (could still be number) [as recommended by starblue]

Pseudo random number generator should also be fine. You can store these in the DB using reversable encryption (AES) or one-way hashing

The main concern you have is how many times a person can incorrectly input the pin before they are locked out. This should be low, say around three...This will stop people guessing other peoples numbers.

Any longer than 6 digits and people will be forgetting them, or worse, writing them on a post-it note on their monitor.

Assuming an account locks with 3 incorrect attempts, then having a 4 digit pin plus a user ID component UserId (999999) + Pin (1234) gives you a 3/10000 chance of someone guessing. Is this acceptable? If not make the pin length 5 and get 3/100000

Answer 5

Should i generate this code via some sort of algorithm?

No. It will be predictable.

Or should i randomly generate it?

Yes. Use a cryptographic random generator, or let the user pick their own PIN.

In theory 4 digits will be plenty as ATM card issuers manage to support a very large community with just that (and obviously, they can't be and do not need to be unique). However in that case you should limit the number of attempts at entering the PIN and lock them out after that many attempts as the banks do. And you should also get the user to supply a user ID (in the ATM case, that's effectively on the card).

If you don't want to limit them in that way, it may be best to ditch the PIN idea and use a standard password (which is essentially what your PIN is, just with a very short length and limited character set). If you absolutely must restrict it to numerics (because you have a PIN pad or something) then consider making 4 a (configurable) minimum length rather than the fixed length.

You shouldn't store the PIN in clear anywhere (e.g. salt and hash it like a password), however given the short length and limited char set it is always going to be vulnerable to a brute force search, given an easy way to verify it.

There are various other schemes that can be used as well, if you can tell us more about your requirements (is this a web app? embedded system? etc).

Answer 6

If we assume 100,000 users maximum then they can have unique PINs with 0-99,999 ie. 5 digits.

However, this would make it easier to guess the PINs with the maximum number of users. If you can restrict the number of attempts on the PIN then you can have a shorter PIN. eg. maximum of 10 failed attempts per IP per day.

It also depends on the value of what you are protecting and how catastrophic it would be if the odd one did get out.

I'd go for 9 digits if you want to keep it short or 12 digits if you want a bit more security from automated guessing.

To generate the PINs, I would take a high resolution version of the time along with some salt and maybe a pseudo-random number, generate a hash and use the first 9 or 12 digits. Make sure there is a reasonable and random delay between new PIN generations so don't generate them in a loop, and if possible make them user initiated.

eg. Left(Sha1(DateTime + Salt + PseudoRandom),9)