Keyspace
Attacker rate
Time to try the whole keyspace

This models the offline attack (a dumped flash). On the device itself, online guessing is capped by a brute-force lockout that wipes the vault after a handful of tries.

About This Tool

A 4-digit PIN has only 10,000 possible values. This calculator shows what that means against an offline attacker who has dumped the flash: pick a secret space, a PBKDF2 work factor, and a GPU, and it estimates the time to sweep the whole keyspace.

Then flip on device binding — and the offline attack becomes infeasible, because every guess now needs a per-chip secret that can’t be extracted from the hardware.

It is the interactive companion to the article Your 4-Digit PIN Is Fine: Device-Bound Keys on ESP32-S3.

What Does It Compute?

  • Keyspace — the alphabet size raised to the secret length.

  • Attacker rate — raw GPU SHA-256 throughput divided by the PBKDF2 work (≈ two SHA-256 compressions per iteration).

  • Time — keyspace ÷ rate to try every candidate; the expected time to find the secret is roughly half of that.

A Note on Realism

This models the offline attack on an exfiltrated vault. On the device itself, online guessing is stopped first by a brute-force lockout that wipes the vault after a handful of wrong tries — the iteration count is sized for unlock latency, not as the brute-force defense.

Privacy

Everything is computed in your browser with simple arithmetic. No inputs are transmitted anywhere.

Frequently asked questions

How long does it take to brute-force a 4-digit PIN?

A 4-digit PIN has only 10,000 possible values, so a GPU with no key-stretching cracks it almost instantly. The real defense is a PBKDF2 work factor that slows each guess, or device binding that makes offline guessing infeasible.

Does increasing the PBKDF2 iteration count stop brute-force attacks?

Higher iteration counts multiply the per-guess cost, raising the time to sweep the whole keyspace, but the count is sized for unlock latency, not as the brute-force defense. For a small PIN keyspace it slows an offline attacker but does not make the attack infeasible on its own.

How does device binding make a PIN brute-force infeasible?

Device binding mixes a per-chip secret into key derivation, so every guess needs hardware that can't be extracted from the dumped flash. The attacker can no longer test candidates offline against the exfiltrated vault.

How does the calculator estimate attacker speed?

It divides the GPU's raw SHA-256 throughput by the PBKDF2 work, treating each iteration as roughly two SHA-256 compressions. Keyspace divided by that rate gives the time to try every candidate; the expected time to find the secret is about half of that.

Is anything I type sent to a server?

No. Every value is computed in your browser with simple arithmetic, and no inputs are transmitted anywhere.