
what's the point of this effort? if their criterion is 40 guesses or less, when it's an automated attack does it matter whether it's 40 guesses or 9999? if you have access to repeatedly guess for up to 40 times without locking out the device you could keep it going on a loop to any other number.

either 4 digit pins are all bad, or they're not. do not pre-define some subset. all this is going to do, if someone was to take this seriously, is make it an extremely user hostile experience by some app. i already hate how some bank apps, instead of morphing over to Face ID or other secure methods of verification, or even Authy, will harass me to no end to modify the password to some gibberish that they've pre-determined to be 'safe'.

also, if you're building a brute force code breaker are you really going to program the 40 most probable pins upfront and then have a loop? i'd think that you just create an n+1 loop starting at 0000 and that's it.



