Pin Generation

Question

I am looking to develop a system in which i need to assign every user a unique pin code for security. The user will only enter this pin code as a means of identifying himself. Thus i dont want the user to be able to guess another users pincode. Assuming the max users i will have is 100000, how long should this pin code be?

e.g. 1234 4532 3423

Should i generate this code via some sort of algorithm? Or should i randomly generate it?

Basically I dont want people to be able to guess other peoples pincode and it should support enough number of users.

Am sorry if my question sounds a bit confusing but would gladly clarify any doubts.

thank you very much.

UPDATE

After reading all the posts below, I would like to add some more detail.

1. What i am trying to achieve is something very similar to a scratch card.
2. A user is given a card, which he/she must scratch to find the pin code.
3. Now using this pin code the user must be able to access my system.

I cannot add extra security (e.g. username and password), as then it will deter the user from using the scratch card. I want to make it as difficult as possible to guess the pincode within the limitations.

thankyou all for your amazing replies again.

Answer 1

4 random digits should be plenty if you append it to unique known userid (could still be number) [as recommended by starblue]

Pseudo random number generator should also be fine. You can store these in the DB using reversable encryption (AES) or one-way hashing

The main concern you have is how many times a person can incorrectly input the pin before they are locked out. This should be low, say around three...This will stop people guessing other peoples numbers.

Any longer than 6 digits and people will be forgetting them, or worse, writing them on a post-it note on their monitor.

Assuming an account locks with 3 incorrect attempts, then having a 4 digit pin plus a user ID component UserId (999999) + Pin (1234) gives you a 3/10000 chance of someone guessing. Is this acceptable? If not make the pin length 5 and get 3/100000

Answer 2

May I suggest an alternative approach? Take a look at Perfect Paper Passwords, and the derivatives it prompted .

You could use this "as is" to generate one-time PINs, or simply to generate a single PIN per user.

Bear in mind, too, that duplicate PINs are not of themselves an issue: any attack would then simply have to try multiple user-ids.

(Mileage warning: I am definitely not a security expert.)

---

Here's a second answer: from re-reading, I assume you don't want a user-id as such - you're just validating a set of issued scratch cards. I also assume you don't want to use alphabetic PINs.

You need to choose a PIN length such that the probability of guessing a valid PIN is less than 1/(The number of attempts you can protect against). So, for example, if you have 1 million valid PINs, and you want to protect against 10000 guesses, you'll need a 10-digit PIN.

If you use John Graham-Cumming's version of the Perfect Paper Passwords system, you can:

1. Configure this for (say) 10-digit decimal pins
2. Choose a secret IV/key phrase
3. Generate (say) the first million passwords(/PINs)

I suspect this is a generic procedure that could, for example, be used to generate 25-alphanumeric product ids, too.

Sorry for doing it by successive approximation; I hope that comes a bit nearer to what you're looking for.