From 9adaf1434f988b957398ef0494c1455cbef55dc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Tue, 16 Aug 2016 03:23:43 +0200
Subject: [PATCH] Block 20 most chosen PINs

---
 .../ui/CreateSecurityTokenPinFragment.java | 25 +++++++++++++------
 OpenKeychain/src/main/res/values/strings.xml | 2 +-
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
index 45cf7a665..a6ecef4e6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
@@ -47,19 +47,30 @@ public class CreateSecurityTokenPinFragment extends Fragment {
     View mBackButton;
     View mNextButton;
+    // top 20 according to http://datagenetics.com/blog/september32012/index.html
+    // extended from 4 digits to 6 for our use case
     private static HashSet sPinBlacklist = new HashSet<>(Arrays.asList(
-            "000000",
+            "123456",
             "111111",
-            "222222",
-            "333333",
+            "000000",
+            "121212",
+            "777777",
+            // "1004", makes no sense as "100004", see blog post
+            "200000",
             "444444",
+            "222222",
+            "696969",
+            "999999",
+            "333333",
             "555555",
             "666666",
-            "777777",
+            "111222",
+            "131313",
             "888888",
-            "999999",
-            "123456",
-            "XXXXXX"
+            "654321",
+            "200001",
+            "101010",
+            "XXXXXX" // additional: should not be used, as this PIN is entered for resetting the card
         ));
     /**
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 878362486..21b6c09a7 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
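Review bot: The new list only covers exact 6-character strings, but the accompanying strings.xml hunk says a PIN "must be at least 6 numbers long", so any longer weak PIN such as a 7-digit repeated digit or a 7-digit ascending run is not caught by a `sPinBlacklist.contains(pin)` lookup (the lookup itself is outside this hunk, so this is inferred from the declaration). Pair the list with a structural check that is independent of length, as in the helper below, and say so in the comment above the field, e.g. `// exact-match list; length-independent patterns are rejected by isWeakPin()`. The cited source is a 4-digit study, and the 6-digit forms here are the author's own extrapolation (some repeat the pattern, some pad with zeros, some extend the sequence), which the comment should state explicitly so a later maintainer does not treat the list as measured data. On the unchanged declaration line, `HashSet` is a raw type and the set is mutable; `private static final Set<String>` wrapped in `Collections.unmodifiableSet(...)` would prevent accidental edits at runtime. The enclosing class continues beyond this hunk.
```java
    // … unchanged: sPinBlacklist declaration …

    /** Rejects listed PINs and, for any length, all-identical digits and simple +1/-1 runs. */
    private static boolean isWeakPin(String pin) {
        if (sPinBlacklist.contains(pin)) {
            return true;
        }
        boolean allSame = true, ascending = true, descending = true;
        for (int i = 1; i < pin.length(); i++) {
            int step = pin.charAt(i) - pin.charAt(i - 1);
            allSame &= step == 0;
            ascending &= step == 1;
            descending &= step == -1;
        }
        return allSame || ascending || descending;
    }
```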
@@ -791,7 +791,7 @@ "Repeat PIN" "PIN is not correct!" "PIN must be at least 6 numbers long!" - "Please choose a secure PIN, not 000000, 123456 or similar combinations." + "Please choose a secure PIN, not 000000, 123456 or similar combinations (the top 20 most chosen PINs are not allowed)" "Revoked: Key must not be used anymore!"