Home/ Questions/Q 103307
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T01:06:12+00:00

I am looking to develop a system in which i need to assign every

  • 0

I am looking to develop a system in which i need to assign every user a unique pin code for security. The user will only enter this pin code as a means of identifying himself. Thus i dont want the user to be able to guess another users pincode. Assuming the max users i will have is 100000, how long should this pin code be?

e.g. 1234 4532 3423

Should i generate this code via some sort of algorithm? Or should i randomly generate it?

Basically I dont want people to be able to guess other peoples pincode and it should support enough number of users.

Am sorry if my question sounds a bit confusing but would gladly clarify any doubts.

thank you very much.

UPDATE

After reading all the posts below, I would like to add some more detail.

  1. What i am trying to achieve is something very similar to a scratch card.
  2. A user is given a card, which he/she must scratch to find the pin code.
  3. Now using this pin code the user must be able to access my system.

I cannot add extra security (e.g. username and password), as then it will deter the user from using the scratch card. I want to make it as difficult as possible to guess the pincode within the limitations.

thankyou all for your amazing replies again.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. If we assume 100,000 users maximum then they can have unique PINs with 0-99,999 ie. 5 digits.

    However, this would make it easier to guess the PINs with the maximum number of users. If you can restrict the number of attempts on the PIN then you can have a shorter PIN. eg. maximum of 10 failed attempts per IP per day.

    It also depends on the value of what you are protecting and how catastrophic it would be if the odd one did get out.

    I’d go for 9 digits if you want to keep it short or 12 digits if you want a bit more security from automated guessing.

    To generate the PINs, I would take a high resolution version of the time along with some salt and maybe a pseudo-random number, generate a hash and use the first 9 or 12 digits. Make sure there is a reasonable and random delay between new PIN generations so don’t generate them in a loop, and if possible make them user initiated.

    eg. Left(Sha1(DateTime + Salt + PseudoRandom),9)

    • 0