
When the blacklist contains 30% of the sample space, is it any good?



I think I'd be cool with it if they gave a good explanation that I could reason about, e.g. "your pin contains a 3 digit increasing sequence" or "your pin is the name of a popular book". I'd be even happier if it could give me a list of "here are some more secure pins similar to the one you chose".


Argh... wouldn't that make brute force attacks more efficient? E.g. the suspect/victim is born on May 31st, his iPhone allows 10 PIN attempts. Your attack algorithm becomes:

1. Input "0531" on another iPhone's setup screen.

2. Try "0531" and the other suggested PINs, based on distance from thumb to the option.


Well, how is that any worse than the current situation? If you are 100% sure that the pin is based on the birthday, you probably already won.


Hehe that feels like it'd be a good xkcd comic: "sorry your pin can't be used because it's a Mersenne prime", "sorry this is the first 4 digits of Tau", etc.


Your PIN can't be used because it is the smallest number not on our list of PINs that are too easy to guess for other reasons.


Your PIN can't be used because it is the smallest number not on our list of PINs that are too easy to guess for other reasons + the smallest previous number.


That reminds me of the story of the man who was ordered to be executed next week, but he is not allowed to know the day of his execution until the morning of.

He figures if by Friday morning he has not been told, then he will immediately know his execution is on Saturday, thus violating the Judge's order; therefore he cannot be executed on Saturday.

Knowing he can't be executed on Saturday, if on Thursday morning he has not been told, he knows he must be executed on Friday, thus violating the Judge's order. By induction it would violate the Judge's order to execute him on any day of the next week.

The following Tuesday he was thus completely surprised to be taken out to be executed.


And thus by induction we know that there are no valid PINs.


This makes it really hard to guess what the PIN actually is. Win!


I hypothesize without proof that if you enter "A, B, C, D" for any single-digit A, B, C, and D into http://oeis.org/ that you will find some reason why that is not a valid PIN.

7397: Digits 4-8 of the sequence "sum of iterated phi(n)".

1074: Sorry, that's digits 4-8 of log_21(8). Please try again.

6235: Sorry, that's digits 10-14 of an irregular triangle read by row's squarefree quadratic non-residues. Please try again.

2099: Sorry, that's digits 4-8 of the decimal expansion of the x-intercept of the shortest segment from the positive x axis through (2,1) to the line y=x.

Clearly, these are all way too easy to guess for an attacker for you to use them as a PIN number.


"Sorry, your pin can't be used because someone else already used it"

https://blog.xkcd.com/2008/01/14/robot9000-and-xkcd-signal-a...


Fair question. On the other hand, all pins are easy to guess (very short, small charset) so maybe they're not blocking enough. :D
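The question in the thread title ("is a blacklist covering 30% of the space any good?") can be answered with a small model rather than a guess. Below is an added example, not code from the thread or from any vendor: a constructed, deliberately skewed popularity distribution over the 10,000 four-digit PINs (the weights are assumptions, not measured data), two candidate blacklists, and an attacker with a 10-attempt budget who knows both the distribution and the policy. The modelling assumption is that a user whose first choice is banned re-picks from the allowed PINs in proportion to the same weights. The "broad" policy bans every PIN with two equal neighbouring digits, which is 27.1% of the space; the "narrow" one bans only same-digit PINs, digit runs and abab patterns, about 1% of the space.

```python
"""Toy model: does a 4-digit PIN blacklist help against a 10-attempt lockout?

Every number here is constructed for illustration.  The popularity weights
are an assumed, deliberately skewed user distribution, not measured data.
"""
from fractions import Fraction
from typing import Callable, Dict

ALL_PINS = [f"{n:04d}" for n in range(10000)]


def is_same_digit(pin: str) -> bool:
    return len(set(pin)) == 1


def is_run(pin: str) -> bool:
    """Ascending or descending consecutive digits, e.g. 2345 or 9876."""
    d = [int(c) for c in pin]
    steps = {d[i + 1] - d[i] for i in range(3)}
    return steps == {1} or steps == {-1}


def is_abab(pin: str) -> bool:
    return pin[:2] == pin[2:]


def is_year(pin: str) -> bool:
    return 1940 <= int(pin) <= 2010


def is_mmdd(pin: str) -> bool:
    mm, dd = int(pin[:2]), int(pin[2:])
    return 1 <= mm <= 12 and 1 <= dd <= 31


def has_adjacent_repeat(pin: str) -> bool:
    return any(pin[i] == pin[i + 1] for i in range(3))


def popularity(pin: str) -> int:
    """Assumed relative frequency with which users pick each PIN (constructed)."""
    if pin == "1234":
        return 500
    if is_same_digit(pin):
        return 60
    if is_run(pin):
        return 40
    if is_abab(pin):
        return 15
    if is_year(pin):
        return 6
    if is_mmdd(pin):
        return 3
    return 1


# Candidate blacklists.  "narrow" bans a few obviously structured PINs; "broad"
# bans any PIN with two equal neighbouring digits, i.e. 27.1% of the space.
POLICIES: Dict[str, Callable[[str], bool]] = {
    "none": lambda pin: False,
    "narrow": lambda pin: is_same_digit(pin) or is_run(pin) or is_abab(pin),
    "broad": has_adjacent_repeat,
}


def banned_count(policy: str) -> int:
    return sum(1 for p in ALL_PINS if POLICIES[policy](p))


def attacker_success(policy: str, attempts: int = 10) -> Fraction:
    """Probability that an attacker who knows the user distribution and the
    policy opens the device within `attempts` guesses.

    Assumption: users whose first choice is banned re-pick from the allowed
    PINs in proportion to the same weights, so the allowed distribution is
    the original one renormalised over allowed PINs.  The attacker tries the
    `attempts` most popular allowed PINs.
    """
    allowed = [p for p in ALL_PINS if not POLICIES[policy](p)]
    weights = sorted((popularity(p) for p in allowed), reverse=True)
    return Fraction(sum(weights[:attempts]), sum(weights))


if __name__ == "__main__":
    for name in POLICIES:
        n = banned_count(name)
        print(f"{name:7s} bans {n:5d} PINs ({n / 100:.1f}% of the space), "
              f"10-guess success {float(attacker_success(name)):.3%}")
```

Under this constructed distribution the broad blacklist removes 2,710 PINs yet makes the attacker's 10-guess odds worse than no policy at all: it leaves 1234 and the digit runs in place while shrinking the space everyone else must pick from. The narrow blacklist removes 114 PINs and cuts the same odds by more than an order of magnitude. The fraction of the sample space a blacklist covers says nothing on its own; what matters is how much of the users' probability mass it removes, and where the displaced users land.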





