Authen::PIN - Create and verify strong PIN numbers


  use Authen::PIN;

  my $pinset = new Authen::PIN ('PPPCCP123HHHHHHHV',
                                $start          # Optional

  $pinset->set($start);         # Preferred
  $pinset->pin($pass_through, $serial);

# OR

  $pinset->pin($serial);        # undef $pass_through


This module provides an interface to create crypto-strong PIN numbers for applications such as calling cards that require a number that is difficult to guess and that might convey hidden information.

It is based on templates, that define how the resulting PIN number will be constructed by combining the following components:

Pass through values

This is represented in the template with the letter 'P'. It is copied as is to the resulting PIN. Digits are passed to the template from left to right. If the supplied value in the call to ->pin is too short, it will be left-padded with zeros.


Represented in the template with the letter 'C'. This is a regular counter that starts at the value passed to ->set or $start (if specified) and is incremented for each call to ->pin by whatever value was passed to ->inc (or 1 by default).


These are represented by the letter 'H'. When calling ->pin($pass, $serial), the concatenation of $pass and $serial are passed through the MD5 function and the result converted to a string of digits. This string is replaced, from left to right, into the supplied template. There is a limit in the number of digits that a hash can generate. Using more than 20 or so digits is discouraged as this might result in PIN numbers that are not strong enough. In practice, a PIN number with such a large number of digits is probably of little use.

Verification digit

It is represented with the 'V' character in the template. When found, a checksum of the PIN constructed so far will be calculated and placed at the current position. This is usually used as the last digit in the PIN template, to allow for a digit that allows for the simple discard of bogus PIN number, avoiding more expensive database operations in a complete application. The algorythm used for this checksum, is the same used by credit cards, as implemented by Business::Creditcard.

Literal digits

Digits in the range 0-9 are copied to the resulting PIN.


Luis E. Munoz <>


1.00 Fri Jan 12 15:51:03 2001 original version; created by h2xs 1.19
1.10 Thu Mar 01 18:15:00 2001 modified to use Number::Encode to achieve a more robust PIN digit distribution


This code has the same warranty that Perl itself.


perl(1), Digest::MD5.