> For the complete documentation index, see [llms.txt](https://docs.cypherock.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cypherock.com/security-overview/physical-attacks/pin-brute-force-attack.md). # PIN Brute Force Attack A PIN brute force attack is a type of attack that hackers can use to gain unauthorized access to a crypto wallet by guessing the correct PIN. In a PIN brute force attack, the hacker uses a computer program that automatically tries every possible combination of numbers until the correct PIN is found. Cypherock provides users the ability to create a eight-digit alphanumeric PIN which provides a much bigger sample space compared to a numeric PIN. Even if an attacker were to be able to generate all possible PIN combinations, there are two main ways that Cypherock X1 users will be protected. Cypherock has implemented a proof-of-work lock system called the CyLock that locks the wallet for longer durations of time as more wrong attempts are made. You can learn more about Cypherock's brute force protection in detail through our [github page](https://github.com/Cypherock/x1_wallet_firmware/blob/main/docs/cylock__proof_of_work.md). Additionally, the PIN itself is never stored on the X1 Vault. If the user has set a PIN for a wallet, the Cryptographic part is first encrypted and then stored in the NVM of the STM32. The decryption is done using the first hash of the PIN. The security of PIN is unaffected by this behavior since the nonce for encryption is stored on the X1 cards. The nonce for encryption acts as salt for the encryption along with the hash of the PIN. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cypherock.com/security-overview/physical-attacks/pin-brute-force-attack.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.