On Wed Oct 08 16:29:21 2014, each@isc.org wrote:
> > => 1023 octets are a very large value for a PIN. BTW
> > with an enforced low limit of retries a short (4 digits) value
> > is common, i.e.:
> 
> Seems reasonable, since HSM PINs are always 1234 anyway. :)

=> the reason is the PIN must be available somewhere in clear
(usually in a file) to make the HSM operable by applications
as bind9 (this doesn't mean PINs are useless, only they are
for other things, and security is from a set of means...).