diff --git a/legacy/firmware/CHANGELOG.md b/legacy/firmware/CHANGELOG.md
index 6d61e025d..992f4f833 100644
--- a/legacy/firmware/CHANGELOG.md
+++ b/legacy/firmware/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Changed
 - Allow decreasing the output value in RBF transactions.  [#1491]
+- Support long PIN of up to 50 digits.  [#1167]
 
 ### Deprecated
 
@@ -373,6 +374,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1098]: https://github.com/trezor/trezor-firmware/issues/1098
 [#1105]: https://github.com/trezor/trezor-firmware/issues/1105
 [#1165]: https://github.com/trezor/trezor-firmware/pull/1165
+[#1167]: https://github.com/trezor/trezor-firmware/issues/1167
 [#1188]: https://github.com/trezor/trezor-firmware/issues/1188
 [#1351]: https://github.com/trezor/trezor-firmware/issues/1351
 [#1363]: https://github.com/trezor/trezor-firmware/pull/1363
diff --git a/legacy/firmware/config.c b/legacy/firmware/config.c
index 19a5be3fa..b8b7cf4bb 100644
--- a/legacy/firmware/config.c
+++ b/legacy/firmware/config.c
@@ -85,9 +85,6 @@ static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF;
 
 #define MAX_SESSIONS_COUNT 10
 
-// The PIN value corresponding to an empty PIN.
-static const uint32_t PIN_EMPTY = 1;
-
 static uint32_t config_uuid[UUID_SIZE / sizeof(uint32_t)];
 _Static_assert(sizeof(config_uuid) == UUID_SIZE, "config_uuid has wrong size");
 
@@ -151,23 +148,6 @@ static const uint32_t CONFIG_VERSION = 11;
 static const uint8_t FALSE_BYTE = '\x00';
 static const uint8_t TRUE_BYTE = '\x01';
 
-static uint32_t pin_to_int(const char *pin) {
-  uint32_t val = 1;
-  size_t i = 0;
-  for (i = 0; i < MAX_PIN_LEN && pin[i] != '\0'; ++i) {
-    if (pin[i] < '0' || pin[i] > '9') {
-      return 0;
-    }
-    val = 10 * val + pin[i] - '0';
-  }
-
-  if (pin[i] != '\0') {
-    return 0;
-  }
-
-  return val;
-}
-
 static secbool config_set_bool(uint16_t key, bool value) {
   if (value) {
     return storage_set(key, &TRUE_BYTE, sizeof(TRUE_BYTE));
@@ -334,9 +314,10 @@ static secbool config_upgrade_v10(void) {
   }
 
   storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
-  storage_unlock(PIN_EMPTY, NULL);
+  storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL);
   if (config.has_pin) {
-    storage_change_pin(PIN_EMPTY, pin_to_int(config.pin), NULL, NULL);
+    storage_change_pin(PIN_EMPTY, PIN_EMPTY_LEN, (const uint8_t *)config.pin,
+                       strnlen(config.pin, MAX_PIN_LEN), NULL, NULL);
   }
 
   while (pin_wait != 0) {
@@ -410,7 +391,7 @@ void config_init(void) {
 
   // Auto-unlock storage if no PIN is set.
   if (storage_is_unlocked() == secfalse && storage_has_pin() == secfalse) {
-    storage_unlock(PIN_EMPTY, NULL);
+    storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL);
   }
 
   uint16_t len = 0;
@@ -782,7 +763,8 @@ bool config_containsMnemonic(const char *mnemonic) {
  */
 bool config_unlock(const char *pin) {
   char oldTiny = usbTiny(1);
-  secbool ret = storage_unlock(pin_to_int(pin), NULL);
+  secbool ret =
+      storage_unlock((const uint8_t *)pin, strnlen(pin, MAX_PIN_LEN), NULL);
   usbTiny(oldTiny);
   return sectrue == ret;
 }
@@ -790,19 +772,15 @@ bool config_unlock(const char *pin) {
 bool config_hasPin(void) { return sectrue == storage_has_pin(); }
 
 bool config_changePin(const char *old_pin, const char *new_pin) {
-  uint32_t new_pin_int = pin_to_int(new_pin);
-  if (new_pin_int == 0) {
-    return false;
-  }
-
   char oldTiny = usbTiny(1);
-  secbool ret =
-      storage_change_pin(pin_to_int(old_pin), new_pin_int, NULL, NULL);
+  secbool ret = storage_change_pin(
+      (const uint8_t *)old_pin, strnlen(old_pin, MAX_PIN_LEN),
+      (const uint8_t *)new_pin, strnlen(new_pin, MAX_PIN_LEN), NULL, NULL);
   usbTiny(oldTiny);
 
 #if DEBUG_LINK
   if (sectrue == ret) {
-    if (new_pin_int != PIN_EMPTY) {
+    if (new_pin[0] != '\0') {
       storage_set(KEY_DEBUG_LINK_PIN, new_pin, strnlen(new_pin, MAX_PIN_LEN));
     } else {
       storage_delete(KEY_DEBUG_LINK_PIN);
@@ -810,8 +788,6 @@ bool config_changePin(const char *old_pin, const char *new_pin) {
   }
 #endif
 
-  memzero(&new_pin_int, sizeof(new_pin_int));
-
   return sectrue == ret;
 }
 
@@ -824,16 +800,11 @@ bool config_getPin(char *dest, uint16_t dest_size) {
 bool config_hasWipeCode(void) { return sectrue == storage_has_wipe_code(); }
 
 bool config_changeWipeCode(const char *pin, const char *wipe_code) {
-  uint32_t wipe_code_int = pin_to_int(wipe_code);
-  if (wipe_code_int == 0) {
-    return false;
-  }
-
   char oldTiny = usbTiny(1);
-  secbool ret = storage_change_wipe_code(pin_to_int(pin), NULL, wipe_code_int);
+  secbool ret = storage_change_wipe_code(
+      (const uint8_t *)pin, strnlen(pin, MAX_PIN_LEN), NULL,
+      (const uint8_t *)wipe_code, strnlen(wipe_code, MAX_PIN_LEN));
   usbTiny(oldTiny);
-
-  memzero(&wipe_code_int, sizeof(wipe_code_int));
   return sectrue == ret;
 }
 
@@ -982,7 +953,7 @@ void config_wipe(void) {
   char oldTiny = usbTiny(1);
   storage_wipe();
   if (storage_is_unlocked() != sectrue) {
-    storage_unlock(PIN_EMPTY, NULL);
+    storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL);
   }
   usbTiny(oldTiny);
   random_buffer((uint8_t *)config_uuid, sizeof(config_uuid));
diff --git a/legacy/firmware/config.h b/legacy/firmware/config.h
index 4777cb34a..ee33064b8 100644
--- a/legacy/firmware/config.h
+++ b/legacy/firmware/config.h
@@ -79,7 +79,7 @@ typedef struct _Storage {
 
 extern Storage configUpdate;
 
-#define MAX_PIN_LEN 9
+#define MAX_PIN_LEN 50
 #define MAX_LABEL_LEN 32
 #define MAX_LANGUAGE_LEN 16
 #define MAX_MNEMONIC_LEN 240
diff --git a/legacy/firmware/protob/messages-common.options b/legacy/firmware/protob/messages-common.options
index ee00827c9..29176fec8 100644
--- a/legacy/firmware/protob/messages-common.options
+++ b/legacy/firmware/protob/messages-common.options
@@ -2,7 +2,7 @@ Success.message                         max_size:256
 
 Failure.message                         max_size:256
 
-PinMatrixAck.pin                        max_size:10
+PinMatrixAck.pin                        max_size:51
 
 PassphraseAck.passphrase                max_size:51
 
diff --git a/legacy/firmware/protob/messages-debug.options b/legacy/firmware/protob/messages-debug.options
index 4e6b56e71..87c7643be 100644
--- a/legacy/firmware/protob/messages-debug.options
+++ b/legacy/firmware/protob/messages-debug.options
@@ -3,7 +3,7 @@ DebugLinkDecision.x                     type:FT_IGNORE
 DebugLinkDecision.y                     type:FT_IGNORE
 
 DebugLinkState.layout                   max_size:1024
-DebugLinkState.pin                      max_size:10
+DebugLinkState.pin                      max_size:51
 DebugLinkState.matrix                   max_size:10
 DebugLinkState.mnemonic_secret          max_size:240
 DebugLinkState.reset_word               max_size:12
diff --git a/legacy/firmware/protob/messages-management.options b/legacy/firmware/protob/messages-management.options
index c77537736..eb56bca99 100644
--- a/legacy/firmware/protob/messages-management.options
+++ b/legacy/firmware/protob/messages-management.options
@@ -19,7 +19,7 @@ ApplySettings.homescreen                max_size:1024
 Ping.message                            max_size:256
 
 LoadDevice.mnemonics                    max_count:16 max_size:241
-LoadDevice.pin                          max_size:10
+LoadDevice.pin                          max_size:51
 LoadDevice.language                     max_size:17
 LoadDevice.label                        max_size:33
 
diff --git a/legacy/norcow_config.h b/legacy/norcow_config.h
index 59a2d79f3..83ef249ea 100644
--- a/legacy/norcow_config.h
+++ b/legacy/norcow_config.h
@@ -36,6 +36,6 @@
 /*
  * Current storage version.
  */
-#define NORCOW_VERSION ((uint32_t)0x00000002)
+#define NORCOW_VERSION ((uint32_t)0x00000003)
 
 #endif