If you don't rotate the six-digit code, the probability an attacker who tries sequential codes gets the correct code in 1M attempts is 1.
But if you do rotate the code, the Bayesian probability that an attacker who tries random codes gets the correct code in 1M attempts is still about 60%, if I did my math right (and of course it asymptotically approaches 1 with more attempts).
If you don't rotate the six-digit code, the probability an attacker who tries sequential codes gets the correct code in 1M attempts is 1.
But if you do rotate the code, the Bayesian probability that an attacker who tries random codes gets the correct code in 1M attempts is still about 60%, if I did my math right (and of course it asymptotically approaches 1 with more attempts).