|
@@ -5,20 +5,14 @@ MMGen = Multi-Mode GENerator
|
|
|
### Description
|
|
|
|
|
|
MMGen is a Bitcoin cold-storage system implemented as a suite of Python
|
|
|
-command-line scripts that require only a bare minimum of system resources. The
|
|
|
-scripts work in tandem with the reference Bitcoin Core daemon (bitcoind) running
|
|
|
+command-line scripts requiring only a bare minimum of system resources. The
|
|
|
+scripts work in tandem with a reference Bitcoin Core daemon (bitcoind) running
|
|
|
on both an online and an offline computer to provide a robust solution for
|
|
|
-securely storing, tracking, sending and receiving Bitcoins. "Non-MMGen"
|
|
|
-addresses can be tracked and spent as well, creating an easy migration path from
|
|
|
-other wallets.
|
|
|
-
|
|
|
-To track address balances, MMGen relies on Bitcoin Core's newly included support
|
|
|
-for watch-only addresses. Binary builds with this feature will become available
|
|
|
-with the next release of Bitcoin Core. In the meantime, users can download the
|
|
|
-Bitcoin source from the project's official repository on Github and compile it,
|
|
|
-a trivial task on Linux. Compilation instructions for Windows are also
|
|
|
-included, though Windows users may find it easier to wait for the binary from
|
|
|
-the upcoming release.
|
|
|
+securely storing, tracking, sending and receiving Bitcoins. To track address
|
|
|
+balances without exposing keys on the online computer, MMGen relies on Bitcoin
|
|
|
+Core's newly included watch-only address support. Ordinary Bitcoin addresses
|
|
|
+can also be tracked and spent, creating an easy migration path from other
|
|
|
+wallets.
|
|
|
|
|
|
MMGen is designed for reliability by having the reference Bitcoin Core daemon,
|
|
|
rather than less-tested third-party software, do all the "heavy lifting" of
|
|
@@ -35,26 +29,57 @@ back it up only once. Transactions are signed offline: your seed and private
|
|
|
keys never touch an online computer.
|
|
|
|
|
|
At the heart of the MMGen system is the seed, the "master key" providing access
|
|
|
-to all your Bitcoins. The seed can be stored in four different ways:
|
|
|
+to all your Bitcoins. The seed can be stored in five different ways:
|
|
|
|
|
|
1. as a password-encrypted wallet. For password hashing, the crack-resistant
|
|
|
- scrypt hash function is used. Scrypt's parameters can be customized on the
|
|
|
+ scrypt hash function is used. Scrypt's parameters can be tuned on the
|
|
|
command line to make your wallet's password virtually impossible to crack
|
|
|
should it fall into the wrong hands. The wallet is a tiny, six-line text
|
|
|
file suitable for printing or even writing out by hand;
|
|
|
|
|
|
- 2. as a seed file: a one-line base-58 representation of your unencrypted seed
|
|
|
- with a checksum;
|
|
|
+ 2. as a seed file: a one-line, conveniently formatted base-58 representation
|
|
|
+ of your unencrypted seed plus a checksum;
|
|
|
|
|
|
- 3. as an Electrum-like mnemonic of 12, 18 or 24 words; or
|
|
|
+ 3. as an Electrum-like mnemonic of 12, 18 or 24 words;
|
|
|
|
|
|
- 4. as a brainwallet password (this option is recommended for expert users
|
|
|
- only).
|
|
|
+ 4. as a brainwallet passphrase (this option is recommended only for users who
|
|
|
+ understand the risks of brainwallets and know how to create a strong
|
|
|
+ brainwallet passphrase). The brainwallet is hashed using scrypt with
|
|
|
+ tunable parameters, making it much harder to crack than standard SHA-256
|
|
|
+ brainwallets; or
|
|
|
+
|
|
|
+ 5. as "incognito data", an MMGen wallet encrypted to make it indistinguishable
|
|
|
+ from random data. This data can be hidden in and retrieved from a
|
|
|
+ random-data filled disk partition or file at an offset of your choice.
|
|
|
+ This makes it possible to hide a wallet in a public location -- on cloud
|
|
|
+ storage, for example. Incognito wallet hiding/retrieval is seamlessly
|
|
|
+ integrated into MMGen, making its use nearly as easy as that of the
|
|
|
+ standard wallet.
|
|
|
|
|
|
The best part is that all these methods can be combined. If you forget your
|
|
|
mnemonic, for example, you can regenerate it and your keys from the stored
|
|
|
wallet or seed file. Correspondingly, a lost wallet can be regenerated from the
|
|
|
-mnemonic or seed or a lost seed from the wallet or mnemonic.
|
|
|
+mnemonic or seed or a lost seed from the wallet or mnemonic. Keys from a
|
|
|
+forgotten brainwallet can be recovered from the brainwallet's corresponding
|
|
|
+wallet file.
|
|
|
+
|
|
|
+#### Why MMGen is not a BIP32 wallet
|
|
|
+
|
|
|
+Most popular deterministic wallets use the elliptic-curve-based BIP32 or
|
|
|
+Electrum protocols to generate their key/address pairs. MMGen, on the other
|
|
|
+hand, uses a much simpler system: a simple SHA-512 hash chain with double
|
|
|
+SHA-256 branches. One advantage of this system is that you can recover your
|
|
|
+keys from an MMGen seed without the MMGen program itself using standard
|
|
|
+command-line utilities. But the most important advantage is security:
|
|
|
+elliptic-curve wallets are not only cryptographically weaker than hash-bashed
|
|
|
+ones but have a dangerous flaw -- their 'master public key' feature allows an
|
|
|
+attacker to recover any key in the wallet from a single compromised key (for a
|
|
|
+detailed discussion of this problem, see Vitalik Buterin's article
|
|
|
+[Deterministic Wallets, Their Advantages and Their Understated Flaws][7]).
|
|
|
+Though the master public key feature of BIP32 and Electrum wallets is undeniably
|
|
|
+convenient, MMGen makes up for its absence by allowing you to save a virtually
|
|
|
+unlimited number of Bitcoin addresses for future use in an address file, which
|
|
|
+addresses may safely be made public.
|
|
|
|
|
|
|
|
|
### Download/Install
|
|
@@ -82,3 +107,4 @@ Donate: 15TLdmi5NYLdqmtCqczUs5pBPkJDXRs83w
|
|
|
[4]: https://bitcointalk.org/index.php?topic=567069.0
|
|
|
[5]: https://github.com/mmgen/mmgen/wiki/MMGen-Signing-Key
|
|
|
[6]: https://github.com/mmgen/mmgen/wiki/MMGen-command-help
|
|
|
+[7]: http://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/
|