Friday, 7 January 2011
I've just got a new banking card ("EC-Karte") and my new PIN. Surprise: my new "randomly" generated PIN is the same as the "randomly" generated PIN from one of my previous cards.
I've had quite a number of cards over the years (obviously, they don't like me sitting on them when they're in my wallet) and have observed this reoccurance of same PINs a few years ago. However, back than I didn't keep record of which card at which time had which PIN; it was more of a faint recollection like "hey, didn't I already have this PIN in the past?".
As of today I have proof (as in documentation) that the "randomly" generated PIN for my new card is the same as the "randomly" generated PIN from my card issued in 2007. Obviously, I've already changed the PIN using the online banking system to something else.
All in all, I would say that with the ~10 cards I've had over the last 15 years I've only seen about 3 (at the most 4) different PINs assigned to me. I guess they've adopted Debian's PRNG implementation long before even Debian did.