You can turn 4 characters, into a really long string with an HMAC. And there you go, it's better than just storing 4 characters.
Why would this be better than storing 4 characters? You can easily enumerate all 10000 possibilities in spite of the HMAC. Even if the string is longer, the bits of entropy remain the same.
Why the heck are you HMACing the password?!
What if they put in a 4 megabyte password, and send multiple requests? This could effectively DDoS you. However, you can prevent that, by pre-hashing with a fast algorithm such as SHA256.
Hashing is inherently throwing away some of the entropy, since it's a function mapping an arbitrary-sized input space (say, a 4MB password) into the output space of the hash function (in the case of SHA256, 256 bits). In this case, not storing 4 MB means that you're not really getting the "power" of a 4 MB long password.
Only 4 digit numbers, can be brute-forced within a reasonable amount of time. Think about it, you're only hashing 4 characters. You can turn 4 characters, into a really long string with an HMAC. And there you go, it's better than just storing 4 characters.
So it may seem like the output is longer, but really a hash/HMAC of an input space constrained to 4 numeric digits is not made harder to guess by passing it through a hash function. Since the hash function necessarily maps the same input to the same output, the range of possible outputs is still just 10,000 values. For example, a dictionary attack targeting pins would still be as effective against this scheme -- it does not inherently strengthen a weak password at all.
If the concern is simply to obscure the nature of the password (that it's a PIN) from an attacker, well, that smells a bit like security by obscurity to me :)
Why would this be better than storing 4 characters? You can easily enumerate all 10000 possibilities in spite of the HMAC. Even if the string is longer, the bits of entropy remain the same.
Though this proves effective since the HMAC is basically peppering the PIN?
This wouldn't be more effective? Even if the attacker didn't know the PIN was being saved with an HMAC?
Full disclosure: I am not an expert.
So there's two things at play here:
Hashing is inherently throwing away some of the entropy, since it's a function mapping an arbitrary-sized input space (say, a 4MB password) into the output space of the hash function (in the case of SHA256, 256 bits). In this case, not storing 4 MB means that you're not really getting the "power" of a 4 MB long password.
So it may seem like the output is longer, but really a hash/HMAC of an input space constrained to 4 numeric digits is not made harder to guess by passing it through a hash function. Since the hash function necessarily maps the same input to the same output, the range of possible outputs is still just 10,000 values. For example, a dictionary attack targeting pins would still be as effective against this scheme -- it does not inherently strengthen a weak password at all.
If the concern is simply to obscure the nature of the password (that it's a PIN) from an attacker, well, that smells a bit like security by obscurity to me :)
Okay. Thanks.