Any X digit PIN as good as the next one (mostly)?
Comments
-
Though none of them are very strong, most cracking attempts will start with the more commonly used PINs, e.g. 000000, 000001, 123456, and so on. As such one of those frequently used PINs is likely to be cracked sooner than a random one. That said, with modern computing power, cracking a 6-digit PIN is fairly trivial, even if it is random, taking ~24 hours as a worst case (best case?) scenario.
Ben
0 -
As you know, sometimes we have no choice, i.e. the site in question requires exactly 6 digits for its PIN. (At least it is 'better' than another site which only allows for 4 digits :( )
0 -
This might be interesting:
0 -
Thanks for that XIII.
0 -
Though none of them are very strong
I have tried three 6 digit PINs for a login requiring a 6 digit PIN and each one results in 1P classifying it as a "Vulnerable Password". This would lead me to believe that all 6 digit PINs would be classified as "Vulnerable".
0 -
That is likely correct. I wouldn't be surprised if every possible combination of 6 digits has been used as a password by someone and has been compromised at some point.
Ben
0 -
I wouldn't be surprised if every possible combination of 6 digits has been used as a password by someone and has been compromised at some point.
Maybe. However, 948137 is not in the HIBP database... (No, I'm not using that anywhere - I used some scripting and command line tools to find one)
(I only checked this one, but if I made no mistake 1,151 out of 1,000,000 are not in there)
Unfortunately I can't check what 1Password thinks about it since I don't get 000000 (or monkey) listed as a vulnerable password in 1Password7 for Mac (7.4.3), while both are in the HIBP database... Bug?
(PS: I could not find any 4 digit PIN code that's not in the HIBP database)
0 -
(I only checked this one, but if I made no mistake 1,151 out of 1,000,000 are not in there)
I need a couple of these "uncompromised" 6 digit PINs ;). Is there an "easy" way for me to generate one?
0 -
Is there an "easy" way for me to generate one?
Depends on your skills I guess.
I might post some general instructions on how I did it (when I’m using a physical keyboard).
0 -
Why isn't it the case that 1P only generates PINs (or even passwords) which aren't "vulnerable"?
0 -
Why isn't it the case that 1P only generates PINs (or even passwords) which aren't "vulnerable"?
(Why) would it matter?
The number of 6 digit PINs that are “not vulnerable” is so small that a hacker can easily just brute force all 6 digit combinations and hit these as well...
0 -
This is roughly what I did:
1. Write a Python script that writes all possible 6 digit PIN codes and their SHA-1 hashes to a file (one PIN and its hash per line)
2. Use the cut & sort commands to create a new file that only contains the sorted SHA-1 hashes
3. Download the (almost 10 GB!) passwords from HIBP, sorted by SHA-1 hash
4. Use the comm command to find SHA-1 hashes that are in the file from step 2, but not in the file from step 3
5. Use the file from step 1 to find the PIN codes generating those hashes
Does that help?
0 -
:) :+1:
0
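The procedure listed in the thread above, as an added example that is not the poster's own script: instead of cut, sort and comm it streams the hash list once and discards every PIN whose hash it sees. It assumes the list has one uppercase SHA-1 hash per line followed by ":count"; the function names, the sample data and the file path in the comment are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(pin):
    """Uppercase SHA-1 hex digest, the form assumed for the hash list."""
    return hashlib.sha1(pin.encode("ascii")).hexdigest().upper()

def pin_hashes(digits):
    """Step 1: map SHA-1 hash -> PIN for every PIN of the given length."""
    pins = (f"{n:0{digits}d}" for n in range(10 ** digits))
    return {sha1_hex(pin): pin for pin in pins}

def pins_not_listed(hibp_lines, digits):
    """Steps 2-5 in one pass: stream the hash list and drop every PIN whose
    hash appears in it. The list is never held in memory, so an open file
    object for the full download can be passed in directly."""
    remaining = pin_hashes(digits)
    for line in hibp_lines:
        # Each line is "<40 hex chars>:<count>"; only the hash matters here.
        remaining.pop(line.split(":", 1)[0].strip().upper(), None)
        if not remaining:
            break  # every PIN has been seen, no need to read further
    return sorted(remaining.values())

def make_sample_list(listed_pins):
    """Constructed stand-in for the hash list: sorted "HASH:count" lines."""
    lines = sorted(f"{sha1_hex(pin)}:1" for pin in listed_pins)
    return io.StringIO("\n".join(lines) + "\n")

if __name__ == "__main__":
    # Constructed data, not real HIBP content: every 3-digit PIN except
    # two is treated as listed.
    absent = {"481", "902"}
    listed = (f"{n:03d}" for n in range(1000) if f"{n:03d}" not in absent)
    print(pins_not_listed(make_sample_list(listed), digits=3))
    # With the real download (placeholder path):
    # with open("hibp-sha1-ordered-by-hash.txt") as f:
    #     print(len(pins_not_listed(f, digits=6)))
```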