> What yor're missing is that the pin is assigned to be unique
> per ogganization and used as an index into a table of seeds
> (i.e., keys) used to run the same algorithm and check the
> number on the display.
At least for non-PIN-pad cards, the PIN is indeed a password. For Security
Dynamics' software products (ACM-4100/7100/ACE-Server et al), each user has
a PIN. The administrators can either force PINs to be set for each
user, in which case they may well be globally unique (within an
organization), or to allow users to select their own PINs. In
the later situation, it can be the case that a single PIN is assigned
to more than one user.
Bryan Koch, Cray Research