Skip to content
Parallax Learn

Parallax Learn

  • Welcome
  • Tutorials

        • Tutorial Series head tag

          Tutorial Series

        • Tutorial Series

          The special, classroom-ready series pages are organized collections of tutorials for our most popular hardware and/or languages. The tutorials for each topic are conveniently accessible from a single page, shown in the order it is recommended that they be completed.

        • Robotics Series Head tag

          Robotics Series

        • Robotics Series

          • Artificial Intelligence
          • Cybersecurity: Radio Data tutorialCybersecurity
          • cyber:bot + Python
          • cyber:bot + MakeCode
          • Boe-Bot Tutorial SeriesBoe-Bot
          • Arduino Shield-Bot
          • ActivityBot with C TutorialsActivityBot + C
          • ActivityBot with BlocklyProp Tutorial SeriesActivityBot + BlocklyProp
          • Scribbler 3 Tutorial SeriesScribbler 3

        • Electronics & Programming Series Head tag

          Electronics & Programming Series
          • BS2 Board of Education Tutorial SeriesBS2 Board of Education
          • Propeller C-Language BasicsPropeller C Basics
          • FLiP Try-It Kit C Tutorial SeriesFLiP Try-It Kit + C
          • FLiP Try-It Kit BlocklyProp TutorialsFLiP Try-It Kit + BlocklyProp
          • Badge WX Tutorial SeriesBadge WX
          • Propeller BlocklyProp Basics and ProjectsPropeller BlocklyProp Basics
          • View All Tutorial Series »
        • Browse Tutorials

        • Browse Tutorials

          Individual tutorials sorted by robot or kit, and language.
        • By Robot or Kit
          • ActivityBot
          • SumoBot WX
          • Boe-Bot
          • Shield-Bot
          • cyber:bot
          • Badge WX
          • ELEV-8
          • ARLO
        • By Language

        • By Language

          • Propeller C
          • Arduino
          • BlocklyProp
          • PBASIC
          • Python
          • MakeCode
          • View All Tutorials »
  • Educators
  • Reference
  • Downloads
  • Home
  • All Courses
  • Cybersecurity: Brute Force Attacks & Defenses

Cybersecurity: Brute Force Attacks & Defenses

Your Turn: Strategies to Strengthen PINs

Even if you add a fourth digit to the PIN, it can still be cracked in under two hours. How do modern cell phones, tablets, and teller machines deal with this problem and still keep PIN numbers short enough to be memorable? One technique they use is to only allow you a certain number of failed tries before making you wait a longer time. 

Here is a terminal password example you can run on one micro:bit to understand how this process works.

Example project: if_three_pin_fails_wait_an_hour

  • Enter and flash if_three_pin_fails_wait_an_hour into a micro:bit

  • Open a terminal and connect it to the micro:bit.
  • Press/release the micro:bit module’s reset button.
  • Try entering two incorrect PINs, followed by the correct 324 PIN.
  • Verify that it granted access.
  • Now, try entering three incorrect PINs in a row. Does the project prevent you from entering more PINs?

Assuming you didn’t have the ability to press and release the micro:bit module’s reset button after 3 incorrect tries, it would take 216 combinations x 1 hour/combination = 216 hours. You could further increase the security by having it make you wait a day before trying again, maybe after the 6th fail.

  • Open decimal_bank_vault_receiver, and duplicate it as decimal_bank_vault_receiver_your_turn.
  • Modify the project to incorporate the 3-tries-per-hour limit using the techniques in if_three_pin_fails_wait_an_hour.
  • Also, make the X on the LED display flash 3 times, and then scroll the wait 1 hour message.
  • Make sure it doesn’t display the small square until after the hour has passed.
  • Test your modifications to make sure your project responds correctly:
  • Try 2 incorrect PINs followed by a 3rd correct one.
  • Try 1 incorrect PIN followed by a second correct one.
  • Verify that it stops responding for an hour after the 3rd incorrect PIN.

There is still a glaring vulnerability in this system! Any micro:bit listening on the same channel will still receive a correctly entered PIN. In other words, the PIN is still totally vulnerable to sniffing attacks! 

  • Add the ascii_shift cipher functionality to decimal_pin_pad_transmitter_your_turn and decimal_bank_vault_receiver_your_turn.
Printer-friendly version
Decimal Bank Vault Crack
Prev
Crack a Cipher with Brute Force
Next

DISCUSSION FORUMS | PARALLAX INC. STORE

About | Terms of Use | Feedback: learn@parallax.com | Copyright©Parallax Inc. 2024

© 2025 Parallax Learn • Built with GeneratePress