3.1.5.6.1 Computing the PIN

When a PIN is exchanged in the PIN Challenge (section 2.2.5) or PIN Response (section 2.2.6) messages, it MUST be encoded and hashed using the following format.

The ASCII representation (with no NUL terminator) of the PIN is immediately concatenated with the binary representation of the IP address of the sender. These bytes are then hashed using SHA-256 [NIST.FIPS.180-4].

For example, if the sender has IP address 192.0.2.100 and the PIN is “12345678”, then the hash is derived as follows:

The data to hash is:

    31 32 33 34 35 36 37 38    c0 00 02 64

The resulting SHA-256 hash is:

    60 54 09 f8 32 30 8a d0    b8 93 a7 f9 1b e4 2b 26
    4c 73 72 b3 6e 90 77 50    6e 1b 4c c1 83 de 79 da

As another example, if the sender has IP address 2001:db8:1f::4242 and the PIN is “98765432”, then the hash is derived as follows:

The data to hash is:

    39 38 37 36 35 34 33 32    20 01 0d b8 00 1f 00 00
    00 00 00 00 00 00 42 42

The resulting SHA-256 hash is:

    b3 45 2b 2c 46 c8 3d 28    d8 d4 64 b6 69 7a 81 d1
    af 3f 35 61 07 e1 d0 73    1e a9 bb 18 38 03 f9 c7
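The encoding above, written out as an added Python example (not part of the original specification text). It builds the data to hash for both IPv4 and IPv6 senders and shows a receiver-side check. The function names and the constant-time comparison are assumptions of this example, as is the use of the address the verifier attributes to the sender.

```python
import hashlib
import hmac
import ipaddress


def pin_preimage(pin: str, sender_ip: str) -> bytes:
    """ASCII PIN (no NUL terminator) followed by the sender's binary IP address."""
    # .packed yields 4 bytes for IPv4 and 16 bytes for IPv6 in network byte
    # order, matching the "data to hash" dumps in the section's two examples.
    return pin.encode("ascii") + ipaddress.ip_address(sender_ip).packed


def pin_hash(pin: str, sender_ip: str) -> bytes:
    """SHA-256 over the preimage; always 32 bytes."""
    return hashlib.sha256(pin_preimage(pin, sender_ip)).digest()


def verify_pin_hash(received: bytes, expected_pin: str, sender_ip: str) -> bool:
    """Hypothetical receiver-side check: recompute the hash and compare."""
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(received, pin_hash(expected_pin, sender_ip))


# "Data to hash" values copied from the section's two examples.
PAGE_PREIMAGES = {
    ("12345678", "192.0.2.100"): "3132333435363738" "c0000264",
    ("98765432", "2001:db8:1f::4242"): (
        "3938373635343332" "20010db8001f0000" "0000000000004242"
    ),
}

if __name__ == "__main__":
    for (pin, ip), expected_hex in PAGE_PREIMAGES.items():
        print(ip, "preimage matches:", pin_preimage(pin, ip).hex() == expected_hex)
        print("  sha256:", pin_hash(pin, ip).hex())
    # The sender address is part of the hashed data, so a hash computed for one
    # sender does not verify for another (198.51.100.7 is a constructed address).
    digest = pin_hash("12345678", "192.0.2.100")
    print(verify_pin_hash(digest, "12345678", "192.0.2.100"))
    print(verify_pin_hash(digest, "12345678", "198.51.100.7"))
```

The printed digests can be compared byte for byte with the two hash dumps in the examples above.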