mmgen-wallet/README.md

MMGen = Multi-Mode GENerator
============================
##### a Bitcoin cold storage solution for the command line

### Description

MMGen is a Bitcoin cold-storage system implemented as a suite of Python
command-line scripts requiring only a bare minimum of system resources.  The
scripts work in tandem with a reference Bitcoin Core daemon (bitcoind) running
on both an online and an offline computer to provide a robust solution for
securely storing, tracking, sending and receiving Bitcoins.  To track address
balances without exposing keys on the online computer, MMGen relies on Bitcoin
Core's newly included watch-only address support.  Ordinary Bitcoin addresses
can also be tracked and spent, creating an easy migration path from other
wallets.

MMGen is designed for reliability by having the reference Bitcoin Core daemon,
rather than less-tested third-party software, do all the "heavy lifting" of
tracking and signing transactions.  It's also designed for privacy: unlike some
other online/offline wallet solutions, MMGen plus Bitcoin Core is a **completely
self-contained system** requiring no external Internet resources except for the
Bitcoin network itself to do its work: no third parties are involved, and thus
no information regarding which addresses you're tracking is leaked to the
outside world.

Like all deterministic wallets, MMGen can generate a virtually unlimited number
of address/key pairs from a single seed.  Your wallet never changes, so you need
back it up only once.  Transactions are signed offline: your seed and private
keys never touch an online computer.

At the heart of the MMGen system is the seed, the "master key" providing access
to all your Bitcoins.  The seed can be stored in five different ways:

  1. as a password-encrypted wallet.  For password hashing, the crack-resistant
	 scrypt hash function is used.  Scrypt's parameters can be tuned on the
	 command line to make your wallet's password virtually impossible to crack
	 should it fall into the wrong hands.  The wallet is a tiny, six-line text
	 file suitable for printing or even writing out by hand;

  2. as a seed file: a one-line, conveniently formatted base-58 representation
	 of your unencrypted seed plus a checksum;

  3. as an Electrum-like mnemonic of 12, 18 or 24 words;

  4. as a brainwallet passphrase (this option is recommended only for users who
	 understand the risks of brainwallets and know how to create a strong
	 brainwallet passphrase).  The brainwallet is hashed using scrypt with
	 tunable parameters, making it much harder to crack than standard SHA-256
	 brainwallets; or

  5. as "incognito data", an MMGen wallet encrypted to make it indistinguishable
	 from random data.  This data can be hidden in and retrieved from a
	 random-data filled disk partition or file at an offset of your choice.
	 This makes it possible to hide a wallet in a public location -- on cloud
	 storage, for example.  Incognito wallet hiding/retrieval is seamlessly
	 integrated into MMGen, making its use nearly as easy as that of the
	 standard wallet.

The best part is that all these methods can be combined.  If you forget your
mnemonic, for example, you can regenerate it and your keys from the stored
wallet or seed file.  Correspondingly, a lost wallet can be regenerated from the
mnemonic or seed or a lost seed from the wallet or mnemonic.  Keys from a
forgotten brainwallet can be recovered from the brainwallet's corresponding
wallet file.

#### Why MMGen is not a BIP32 wallet

Most popular deterministic wallets use the elliptic-curve-based BIP32 or
Electrum protocols to generate their key/address pairs.  MMGen, on the other
hand, uses a much simpler system: a simple SHA-512 hash chain with double
SHA-256 branches.  One advantage of this system is that you can recover your
keys from an MMGen seed without the MMGen program itself using standard
command-line utilities.  But the most important advantage is security:
elliptic-curve wallets are not only cryptographically weaker than hash-bashed
ones but have a dangerous flaw -- their 'master public key' feature allows an
attacker to recover any key in the wallet from a single compromised key (for a
detailed discussion of this problem, see Vitalik Buterin's article
[Deterministic Wallets, Their Advantages and Their Understated Flaws][7]).
Though the master public key feature of BIP32 and Electrum wallets is undeniably
convenient, MMGen makes up for its absence by allowing you to save a virtually
unlimited number of Bitcoin addresses for future use in an address file, which
addresses may safely be made public.


### Download/Install

> #### [Install on Microsoft Windows][1]

> #### [Install on Debian/Ubuntu Linux][2]


### Using MMGen

> #### [Getting Started with MMGen][3]

> #### [MMGen command help][6]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[**Forum**][4] |
[PGP Public Key][5] |
Donate: 15TLdmi5NYLdqmtCqczUs5pBPkJDXRs83w

[1]: https://github.com/mmgen/mmgen/wiki/Install-MMGen-on-Microsoft-Windows
[2]: https://github.com/mmgen/mmgen/wiki/Install-MMGen-on-Debian-or-Ubuntu-Linux
[3]: https://github.com/mmgen/mmgen/wiki/Getting-Started-with-MMGen
[4]: https://bitcointalk.org/index.php?topic=567069.0
[5]: https://github.com/mmgen/mmgen/wiki/MMGen-Signing-Key
[6]: https://github.com/mmgen/mmgen/wiki/MMGen-command-help
[7]: http://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/