February 27th, 2024

Mitigating attacks based on knowing the length of a Windows Hello PIN

When you set up a numeric PIN with Windows Hello, the system will immediately sign you in with that PIN once you enter the correct number of digits, saving you the trouble of having to press Enter. For example, if you set up an 8-digit PIN, then once you enter the eighth digit, the PIN validation process begins.

An attacker can use this behavior to discover the length of the PIN: Try to sign in once with some initial guess like “all ones” and see how many ones can be entered before the system starts validating the PIN.

Is this a problem?

Well, the length of the PIN isn’t really a tightly-guarded secret, because anybody who watches the screen while you sign in can count the dots that appear, or (if they have sharp ears) listen to the number of clacks of the keyboard.

The security team has done its own cost-benefit analysis of this behavior and has tuned the system so that the convenience does not come at a significant loss of security: Through a combination of increasing the minimum PIN length, rejecting PINs that follow certain patterns, and decreasing the TPM’s anti-hammering threshold, the value of knowing the number of digits in the PIN is significantly reduced. Even with the shortest allowable PIN length, you won’t be able to make many guesses before the TPM temporarily locks out any further attempts to validate the PIN. Furthermore, the auto-submit behavior belongs to the local sign-in screen, so the PIN length is not revealed to remote logons; anybody trying to learn it must have physical access to the machine.

If you feel strongly about it, you can set your organization’s PIN policy to force alphanumeric PINs. For alphanumeric PINs, Windows requires that the user press Enter; it does not provide the convenience of accepting a PIN once the character count is reached.
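The following PowerShell script is an added example, not part of the original post: it audits the two knobs the post describes, the Windows Hello PIN complexity policy (which decides whether a numeric-only, auto-submitting PIN is permitted) and the TPM anti-hammering state (which bounds how many guesses an attacker with physical access gets), and shows one way to force alphanumeric PINs. It assumes the documented `PassportForWork\PINComplexity` policy registry values and the `Get-Tpm` cmdlet; the function and variable names are the example's own, and the success-probability figure is an upper bound that ignores the pattern rejection the post mentions.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Assumes the documented PIN complexity policy registry location used by Group Policy
# and the PassportForWork CSP, and the Get-Tpm cmdlet (TrustedPlatformModule module).

$PinPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'

# Character-class policy values (Digits, LowercaseLetters, UppercaseLetters,
# SpecialCharacters): 0 = allowed, 1 = required, 2 = not allowed.
$ClassMeaning = @{ 0 = 'allowed'; 1 = 'required'; 2 = 'not allowed' }

function Get-HelloPinPolicy {
    $p = Get-ItemProperty -Path $PinPolicyKey -ErrorAction SilentlyContinue
    # An absent value means "Not configured", and Windows then applies its defaults:
    # minimum length 4, digits allowed, letters and special characters not allowed
    # (i.e. the default PIN is numeric only, so the auto-submit behavior applies).
    $get = { param($name, $default)
        if ($null -ne $p -and $null -ne $p.$name) { $p.$name } else { $default } }
    [pscustomobject]@{
        MinimumPINLength  = & $get 'MinimumPINLength' 4
        Digits            = & $get 'Digits' 0
        LowercaseLetters  = & $get 'LowercaseLetters' 2
        UppercaseLetters  = & $get 'UppercaseLetters' 2
        SpecialCharacters = & $get 'SpecialCharacters' 2
    }
}

function Test-PinRevealsLength {
    param([Parameter(Mandatory)] $Policy)
    # Auto-submit only happens for all-numeric PINs. If any non-digit class is
    # required, every PIN needs Enter, and the sign-in screen no longer reveals
    # the length by validating as soon as the last digit is typed.
    $requiresNonDigit = ($Policy.LowercaseLetters -eq 1) -or
                        ($Policy.UppercaseLetters -eq 1) -or
                        ($Policy.SpecialCharacters -eq 1)
    return (-not $requiresNonDigit)
}

function Set-AlphanumericPinPolicy {
    # One way to force alphanumeric PINs: require at least one lowercase letter.
    # In an organization you would set the same value through the "PIN Complexity"
    # Group Policy or the PassportForWork CSP rather than writing the registry directly.
    New-Item -Path $PinPolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PinPolicyKey -Name 'LowercaseLetters' -Value 1 -Type DWord
}

function Get-TpmGuessBudget {
    # LockoutMax is the anti-hammering threshold; LockoutCount is how many failures
    # the TPM currently remembers; LockoutHealTime is how long until one is forgotten.
    $tpm = Get-Tpm
    [pscustomobject]@{
        LockedOut       = $tpm.LockedOut
        LockoutCount    = $tpm.LockoutCount
        LockoutMax      = $tpm.LockoutMax
        LockoutHealTime = $tpm.LockoutHealTime
        RemainingTries  = [math]::Max(0, $tpm.LockoutMax - $tpm.LockoutCount)
    }
}

function Get-LengthKnownGuessOdds {
    param([Parameter(Mandatory)] $Policy, [Parameter(Mandatory)] $Budget)
    # Best case for an attacker who has learned the length and targets the shortest
    # allowed numeric PIN: RemainingTries guesses against 10^MinimumPINLength
    # candidates. This ignores rejected patterns, so it overstates the attacker's odds.
    $keyspace = [math]::Pow(10, $Policy.MinimumPINLength)
    [pscustomobject]@{
        NumericKeyspace    = $keyspace
        TriesBeforeLockout = $Budget.RemainingTries
        SuccessProbability = $Budget.RemainingTries / $keyspace
    }
}

# Usage
$policy = Get-HelloPinPolicy
$policy | Format-List
"Letters: lower $($ClassMeaning[[int]$policy.LowercaseLetters]), upper $($ClassMeaning[[int]$policy.UppercaseLetters]); special $($ClassMeaning[[int]$policy.SpecialCharacters])"
"Sign-in screen can reveal PIN length: $(Test-PinRevealsLength -Policy $policy)"
$budget = Get-TpmGuessBudget
$budget | Format-List
Get-LengthKnownGuessOdds -Policy $policy -Budget $budget | Format-List
# To force the Enter-key flow for all PINs on this machine, uncomment:
# Set-AlphanumericPinPolicy
```

Reading the registry directly reflects what policy has been delivered to this machine, not what the PIN currently in use satisfies; a user who enrolled before the policy changed keeps the old PIN until the next change, so pair the audit with your policy's PIN expiration setting if you rely on it. The TPM lockout counter is shared by every TPM authorization failure on the device, so the remaining-tries figure is a budget for all TPM-backed credentials, not just the Windows Hello PIN.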

Armed with this information, you may be able to address this security issue that was submitted:

Windows allows me to sign in with the wrong PIN.

To reproduce, set the user’s PIN to 122222. At the sign-in screen, enter a 1, followed by any number of 2’s. All of them are accepted and sign the user in, even though the seven-digit and longer PINs are incorrect.

Bonus chatter: In the days before cell phones, companies would take advantage of a similar behavior of telephone switching hardware: Once the number you dialed formed a complete telephone number, the telephone system began connecting the call. Any numbers you dialed after that point were ignored. A company could advertise its telephone number with an eight-digit mnemonic (“Call 555-FABRIKAM to order!”), even though the last digit was ignored.

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

15 comments


  • M J

    Interesting that you brought this up, since I mentioned this vulnerability in my blog post just 3-4 days before!
    https://markusjansson.blogspot.com/2024/02/windows-hello-pin-koodin-haavoittuvuus.html

    But you did not answer question 1:
    How does Windows know the length of my PIN? If my PIN is 12345, Windows can't send first "1", then "12", then "123", then "1234" and finally "12345" as I'm typing my PIN to the TPM, or it would activate its anti-hammering features. So how does Windows know that my PIN is 5 digits long (or X digits long)?!? Where is this information stored?

    And I would like to ask question 2 too:
    How is EFS key...

  • Daniel Smith

    Why does Windows Hello require a PIN as a fallback rather than simply the use the existing username and password that’s already set up? I needed to turn on Windows Hello recently in order to get PassKeys to work. Why force people to set up a PIN when they’ve already got a password?

  • Neil Rashbrook

    Analogue telephone exchanges went even further, connecting the call as each digit was dialled.

    • Simon Farnsworth

      And emulating that behaviour acceptably is one of the challenges ISDN (and nowadays VoIP) had to face down; with the analogue system, you're changing the routing as digits are dialed, so you don't need to know whether you've seen enough digits yet, you just route as people dial, and you're done, with left over digits simply not changing routing.

      With digital systems, you either had to have a lookup table for "is this a complete number" and encode all the local rules into it (e.g. 411 is complete, but 555 could be either a 4 digit prefix or 7 digit number...

      • Ron Parker

        In some cases, they just dropped some of the original behavior. For example, in the town I grew up in, let's call it Town A, if you were calling someone in the same exchange, you could dial the last five digits of the number and it would connect. In a nearby small town, Town H, you could dial just the last four digits to talk to someone in town, but to talk to someone elsewhere in the county you had to first connect to the exchange in Town A, so if you were calling someone in Town P, you had...

    • Ron Parker

      When I was young, my father was a technician for the local telephone company, and I occasionally got to accompany him to work when he was on call. I have fond memories of the sounds of the building-sized Strowger exchange that served our small city. It became really eerie to walk through the building when they turned off all of that hardware after they built a small air-conditioned room in one small corner of the building to house the new computerized switch.

  • Yuri Khan

    I always hate it when I mistype a digit in my PIN and the application starts validating immediately. Yes I know I made a typo, shut up and let me correct it.