• Mossy Feathers (She/They)@pawb.social
    6 months ago

    Here’s a question, would it be more secure to choose a rare pin number or a pin number that is extremely common (ignoring obviously bad ones like 1234, 4321, meme numbers, numbers with four repeating digits, etc)?

    Logic suggests that picking a rare number is better than a common one, because common ones are the ones that people would try first when attempting a bruteforce attack. Yet at the same time, personally if I was trying to brute force a pin, I’d start with obvious choices like 1234, 4321, four repeating numbers and meme numbers, and then switch to alternating between common-rare-common-rare if I was trying to brute force a pin number (starting with the most common and most rare). That’d mean the pin numbers that are the most secure when it comes to brute force attacks would be somewhere in the middle.

    Granted, 4-digit pin numbers aren’t very secure considering there are a maximum of 10,000 combinations, and social engineering attacks like phishing mostly bypass the need to brute-force the combination entirely. As such, the effort would likely be inconsequential and pointless outside of not picking ridiculously bad pins like 1111, but I’m still curious.

    • dmention7@lemm.ee
      6 months ago

      If your goal is to access a random account as quickly as possible, why would you ever try anything other than the next most common PIN?

      It’s not like Vegas where longer odds = higher payout. Less common PIN just means any given account is less likely to use it, and therefore it’s less likely to be correct on any given attempt.

      If you look at it another way, the brightness of each square on that grid is the probability that there is a prize inside. If you wanted the most prizes as quickly as possible, picking the darkest available square is always a bad choice.
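
Added example, not written by either poster: a comparison of the two guess orderings discussed in this thread (most-common-first versus alternating common/rare), showing which PIN each ordering reaches last and how many accounts fall within a lockout budget. The popularity distribution is constructed (Zipf-like) and PINs are represented only by popularity rank, since the thread's grid data is not on the page; all function names are hypothetical.

```python
def constructed_pin_weights(n=10000, skew=1.0):
    """Constructed popularity model: index 0 is the most common PIN,
    index n-1 the rarest. Not real PIN frequency data."""
    raw = [1.0 / (rank + 1) ** skew for rank in range(n)]
    total = sum(raw)
    return [w / total for w in raw]


def descending_order(n):
    """Guess order from the reply: always the next most common PIN."""
    return list(range(n))


def alternating_order(n):
    """Guess order from the question: most common, rarest,
    second most common, second rarest, and so on."""
    order, lo, hi = [], 0, n - 1
    while lo <= hi:
        order.append(lo)
        lo += 1
        if lo <= hi:
            order.append(hi)
            hi -= 1
    return order


def success_within(order, weights, budget):
    """Fraction of accounts whose PIN is among the first `budget` guesses,
    e.g. the number of tries allowed before a lockout."""
    return sum(weights[i] for i in order[:budget])


def expected_guesses(order, weights):
    """Average number of guesses needed against a randomly chosen account."""
    return sum((pos + 1) * weights[i] for pos, i in enumerate(order))


def safest_pin(order):
    """Popularity rank of the PIN this ordering reaches last."""
    return order[-1]


if __name__ == "__main__":
    w = constructed_pin_weights()
    for name, order in (("descending", descending_order(len(w))),
                        ("alternating", alternating_order(len(w)))):
        print(f"{name:12s} within 10 tries: {success_within(order, w, 10):.3f}  "
              f"mean guesses: {expected_guesses(order, w):.0f}  "
              f"reached last: rank {safest_pin(order)}")
```

Under this model the alternating order does leave a mid-popularity PIN for last, but it covers fewer accounts per guess than the descending order, against which the rarest PIN is the one reached last.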