Mitigating attacks based on knowing the length of a Windows Hello PIN

Raymond Chen

When you set up a numeric PIN with Windows Hello, the system will immediately sign you in with that PIN once you enter the correct number of digits, saving you the trouble of having to press Enter. For example, if you set up an 8-digit PIN, then once you enter the eighth digit, the PIN validation process begins.

An attacker can use this behavior to discover the length of the PIN: Try to sign in once with some initial guess like “all ones” and see how many ones can be entered before the system starts validating the PIN.

Is this a problem?

Well, the length of the PIN isn’t really a tightly-guarded secret, because anybody who watches the screen while you sign in can count the dots that appear, or (if they have sharp ears) listen to the number of clacks of the keyboard.

The security team has done its own cost-benefit analysis of this behavior and has tuned the system so that the convenience does not come at a significant loss of security: Through a combination of increasing the minimum PIN length, rejecting PINs that follow certain patterns, and decreasing the TPM’s anti-hammering threshold, the value of knowing the number of digits in the PIN is significantly reduced. Even with the shortest allowable PIN length, you won’t be able to make many guesses before the TPM temporarily locks out any further attempts to validate the PIN. Furthermore, the PIN length is not revealed to remote logons; anybody trying to steal this data must have physical access.

If you feel strongly about it, you can set your organization’s PIN policy to force alphanumeric PINs. For alphanumeric PINs, Windows requires that the user press Enter; it does not provide the convenience of accepting a PIN once the character count is reached.

Armed with this information, you may be able to address this security issue that was submitted:

Windows allows me to sign in with the wrong PIN.

To reproduce, set the user’s PIN to 122222. At the sign-in screen, enter a 1, followed by any number of 2’s. All of them are accepted and sign the user in, even though the seven-digit and longer PINs are incorrect.
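A small Python model of the behavior described above, added here as an illustration (it is not Windows code): numeric PINs are submitted as soon as the stored length is reached, alphanumeric PINs wait for Enter, and a TPM-style failure counter refuses further validation once a threshold is hit. The lockout threshold and the PIN values are constructed, not the real settings.

```python
# Model of the sign-in behavior described in the post (added illustration,
# not Windows code). Numeric PINs auto-submit once the stored length is
# reached, alphanumeric PINs wait for Enter, and a TPM-style failure counter
# locks out further attempts. The threshold and PINs are constructed values.

LOCKOUT_THRESHOLD = 5  # assumed anti-hammering limit, not the real TPM setting


class PinValidator:
    """Stand-in for the TPM-backed check: counts failures, then locks out."""

    def __init__(self, pin):
        self.pin = pin
        self.failures = 0

    def validate(self, candidate):
        if self.failures >= LOCKOUT_THRESHOLD:
            return "locked"          # anti-hammering: nothing is validated
        if candidate == self.pin:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "wrong"


def sign_in(validator, keystrokes, numeric=True):
    """Feed keystrokes to the sign-in screen; return (outcome, chars_consumed).

    For numeric PINs the screen submits as soon as the buffer reaches the
    stored PIN's length, so anything typed afterwards is never seen; that is
    why "122222" followed by more 2s still signs in. Alphanumeric PINs are
    submitted only on Enter (a newline character here).
    """
    buffer = ""
    for ch in keystrokes:
        if ch == "\n":
            return validator.validate(buffer), len(buffer)
        buffer += ch
        if numeric and len(buffer) == len(validator.pin):
            return validator.validate(buffer), len(buffer)
    return "incomplete", len(buffer)


if __name__ == "__main__":
    v = PinValidator("122222")
    print(sign_in(v, "1" + "2" * 20))           # ('ok', 6): extra 2s ignored
    print(sign_in(v, "1" * 20))                 # ('wrong', 6): length shown, one failure spent
    print(sign_in(v, "1" * 20, numeric=False))  # ('incomplete', 20): no auto-submit
    for _ in range(LOCKOUT_THRESHOLD):
        sign_in(v, "000000")                    # burn the remaining budget
    print(sign_in(v, "122222"))                 # ('locked', 6): right PIN refused
```

The consumed-character count is the only thing a numeric probe learns, and every probe costs one of the few failures the counter allows before lockout; in alphanumeric mode the screen never submits on its own.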

Bonus chatter: In the days before cell phones, companies would take advantage of a similar behavior of telephone switching hardware: Once the number you dialed formed a complete telephone number, the telephone system began connecting the call. Any numbers you dialed after that point were ignored. A company could advertise its telephone number with an eight-digit mnemonic (“Call 555-FABRIKAM to order!”), even though the last digit was ignored.

15 comments


  • Martin Soles 2

    I used to get visits from the police if I didn’t answer the phone at 3 am to tell the operators that it was a false call. I found out that the field mice were chewing on the exposed phone cables. Seems that landlines still support the old rotary dialing. And, mice chewing through cords can bite nine times, take a break, bite once, take another break. My phone company proactively called the emergency services (9-1-1 in the US) after getting ten pulses (the nine followed by the one).

    • Bwmat 0

      I got a call from the emergency services once in the middle of the night since I supposedly called 911 & hung up (I assumed I must have done it while ‘sleepwalking’ or something?), I wonder if something analogous could happen with wireless phones & interference…

  • Cesare Tiveron 1

    Is FABRIKAM the new CONTOSO?

    • Raymond Chen (Microsoft employee) 1

      I needed a fake company name that was longer than 7 characters. (U.S. phone numbers are of the form aaa-bbb-cccc.)

  • Dave Gzorple 6

    >If you feel strongly about it, you can set your organization’s PIN policy to force alphanumeric PINs.

    I think that needs a better name, “alphanumeric PINs” is kinda clunky. Since they’re being used as a code to get past something, we could call them passcodes… but then we probably also want to encourage people to use full words rather than just throwing in a token letter, so how about passwords?

    Yeah, that’s it, we’ll call alphanumeric PINs “passwords”.

    • Alexey Badalov 1

      Besides, an “alphanumeric personal identification number” is a contradiction in terms.

    • Raymond Chen (Microsoft employee) 1

      It’s not quite the same as a password, because this “alphanumeric PIN” works only on that specific device, whereas the password can be used to sign in with that account on any device.

  • Yuri Khan 1

    I always hate it when I mistype a digit in my PIN and the application starts validating immediately. Yes I know I made a typo, shut up and let me correct it.

  • Neil Rashbrook 0

    Analogue telephone exchanges went even further, connecting the call as each digit was dialled.

    • Ron Parker 0

      When I was young, my father was a technician for the local telephone company, and I occasionally got to accompany him to work when he was on call. I have fond memories of the sounds of the building-sized Strowger exchange that served our small city. It became really eerie to walk through the building when they turned off all of that hardware after they built a small air-conditioned room in one small corner of the building to house the new computerized switch.

    • Simon Farnsworth 0

      And emulating that behaviour acceptably is one of the challenges ISDN (and nowadays VoIP) had to face down; with the analogue system, you’re changing the routing as digits are dialed, so you don’t need to know whether you’ve seen enough digits yet, you just route as people dial, and you’re done, with leftover digits simply not changing routing.

      With digital systems, you either had to have a lookup table for “is this a complete number” and encode all the local rules into it (e.g. 411 is complete, but 555 could be either a 4 digit prefix or 7 digit number depending on local history, while 1 650 555 is always a prefix to an 11 digit number), or a way to send a partial number and find out if it completes a route or not (so when you dial 011 44, that sends the number to the international switch, which says that it knows to route it to the UK, but needs more digits, but when you dial 011 44 635 1234, that’s a complete number while 011 44 1 811 805 is incomplete, but would complete with an extra 5 on the end).

      You can, of course, mix the two, so that the lookup table says “if you get this far, just send the number and see if it completes”.

      • Ron Parker 1

        In some cases, they just dropped some of the original behavior. For example, in the town I grew up in, let’s call it Town A, if you were calling someone in the same exchange, you could dial the last five digits of the number and it would connect. In a nearby small town, Town H, you could dial just the last four digits to talk to someone in town, but to talk to someone elsewhere in the county you had to first connect to the exchange in Town A, so if you were calling someone in Town P, you had to dial the first two digits of the Town A exchange, followed by the entire 7 digits of the Town P number, so you’d dial AA-PPP-xxxx. (As you may have guessed, the fact that the last 5 digits would connect a call within Town A is actually a consequence of this.)

        There were also some other quirks that most people didn’t know, like that HHH-79xx was the same number as HHH-29xx, and the only difference was that the 79xx number was a payphone. This wasn’t a particularly useful piece of knowledge, but it was a quirk of the configuration of that particular electromechanical switch.

        When they upgraded to digital switching, all of those little tricks stopped working. I know of at least one company whose burglar and fire alarms stopped working correctly when the 4-digit shortcut went away, and nobody noticed for years.

  • Daniel Smith 2

    Why does Windows Hello require a PIN as a fallback rather than simply use the existing username and password that’s already set up? I needed to turn on Windows Hello recently in order to get PassKeys to work. Why force people to set up a PIN when they’ve already got a password?

  • M J 1

    Interesting that you brought this up, since I mentioned this vulnerability in my blog post just 3-4 days before!
    https://markusjansson.blogspot.com/2024/02/windows-hello-pin-koodin-haavoittuvuus.html

    But you did not answer question 1:
    How does Windows know the length of my PIN? If my PIN is 12345, Windows can’t send first “1”, then “12”, then “123”, then “1234” and finally “12345” as I’m typing my PIN to the TPM, or it would activate its anti-hammering features. So how does Windows know that my PIN is 5 digits long (or X digits long)?!? Where is this information stored?

    And I would like to ask question 2 too:
    How is the EFS key protected when the Windows Hello PIN is used? The EFS private key is normally encrypted by the user’s Windows password, but when the PIN is used the passphrase is not used at all… so how can Windows access the EFS private key since the user password is not given, only the PIN? How is the EFS private key protected and unprotected when the Windows Hello PIN is used?
