Incognito wallet section added

modified: Getting-Started-with-MMGen.md
2014-07-19 12:08:50 +04:00 · 2014-07-19 12:08:50 +04:00 · 765de73951
commit 765de73951
parent a9e9209787
1 changed files with 104 additions and 5 deletions
--- a/Getting-Started-with-MMGen.md
+++ b/Getting-Started-with-MMGen.md
@ -86,10 +86,11 @@ If you have any existing addresses with balances, you'll want to track them too.
 Make a plain list of these addresses, one address per line, and import the list
 into the tracking wallet using `mmgen-addrimport -l`.

-		$ mmgen-addrimport -l my_existing_addrs_with_balances
+		$ mmgen-addrimport --rescan -l my_existing_addrs_with_balances

-Since the importing process is slow, you may want to do it in stages, a few
-addresses at a time.
+NOTE: The `'--rescan'` option must be used for all addresses with existing
+balances.  Since the rescanning process is slow, you may want to do it in
+stages, a few addresses at a time.

 Continue in this fashion until you've imported all addresses with balances into
 your tracking wallet.
@ -197,7 +198,7 @@ transaction using this list of keys.

 		$ mmgen-txsign -k wd_EDBC983A[102].keys tx_1EDCBA[6.6].raw
 		...
-		Signed transaction saved to file tx_1EDCBA[6.6].sig
+		Signed transaction saved to file tx_ABCDEF[0.1].sig

 Note that mmgen-pywallet's output is just a flat list of keys.  So if you have
 several Bitcoin wallets with balances, you can just dump all their keys and
@ -324,7 +325,105 @@ using the `'-d'` option.  For example, on a Linux system you could use
 This also has obvious security benefits, ensuring that no sensitive data
 remains on disk after your computer's been powered down.

-### Test suite:
+#### Incognito wallets
+
+A wallet exported to incognito format is indistinguishable from random data,
+allowing you to hide your wallet at an offset within a random-filled file or
+partition.  Thus both the location and nature of the data are unknown to a
+potential attacker, who in addition cannot be sure that the file or partition
+contains anything useful at all, barring any inside knowledge.
+
+An incognito wallet with a reasonably secure password could even be hidden on
+unencrypted cloud storage.  Hiding your wallet at some offset in a 1 GB file
+increases the difficulty of any attack by a factor of one billion, assuming
+a potential attacker knows or suspects you have an MMGen wallet hidden there.
+You should remember the offset, however!
+
+If you plan to store your incognito wallet in an insecure location such as cloud
+storage, you're advised to use a strong scrypt preset and a strong password.
+These can be changed using the `mmgen-passchg` utility:
+
+		$ mmgen-passchg -p 5 89ABCDEF-01234567[256,3].mmdat
+		...
+		Hash preset has changed (3 -> 5)
+		Enter new passphrase: <my new strong passphrase>
+		...
+		Wallet saved to file '89ABCDEF-87654321[256,5].mmdat'
+
+The new scrypt preset is indicated by the numeral '5' after the comma in the new
+wallet filename.  Now export your new toughened wallet to incognito format:
+
+		$ mmgen-walletchk -g 89ABCDEF-87654321[256,5].mmdat
+		...
+		Incognito wallet data saved to file '89ABCDEF-87654321-ECA86420[256,5].mmincog'
+
+'ECA86420' is the IV (init vector) ID.  This can be used to find your wallet
+within random data if you've forgotten where you hid it **(TBD)**.
+
+Repeat the same export operation, but output to hexadecimal:
+
+		$ mmgen-walletchk -X 89ABCDEF-87654321[256,5].mmdat
+		...
+		Incognito wallet data saved to file '89ABCDEF-87654321-CA86420E[256,5].mmincox'
+
+		$ cat 89ABCDEF-87654321-1EE402F4[256,5].mmincox
+		6772 edb2 10cf ad0d c7dd 484b cc7e 42e9
+		4fe6 e07a 1ce2 da02 6da7 94e4 c068 57a8
+		3706 c5ce 56e0 7590 e677 6c6e 750a d057
+		b43a 21f9 82c7 6bd1 fe96 bad9 2d54 c4c0
+
+Note that the IV ID is different here: the IV is generated randomly each time,
+leading to the incog data as a whole being different as well.  This allows you
+to store your incog data in multiple insecure locations without being detected.
+
+As you can see, this data is ideally suited for a paper wallet.  Just print it
+out on a printer and you're ready to go.  This hex dump of apparently random
+data is totally unidentifiable as anything related to Bitcoin.
+
+Your incognito wallet (whether hex or binary) can be used just like any other
+MMGen wallet, mnemonic or seed file.  Generate ten addresses with it, for
+example:
+
+		$ mmgen-addrgen 89ABCDEF-87654321-CA86420E[256,5].mmincox 100-110
+
+Or sign a transaction:
+
+		$ mmgen-txsign tx_my.raw 89ABCDEF-87654321-CA86420E[256,5].mmincox
+
+With the `-G` (`--export-incog-hidden`) option, you can hide your incog wallet
+in a file or on a partition at the offset of your choice.  Create a file filled
+with 1 GB of random data:
+
+		$ dd if=/dev/urandom of=random.dat bs=1K count=1M
+
+Export your wallet to incog format, hiding it in this file at offset 123456789:
+
+		$ mmgen-walletchk -G random.dat,123456789 89ABCDEF-87654321[256,5].mmdat
+		...
+		IV ID: ED1F2ACB
+		Data written to file 'random.dat' at offset 123456789
+
+The IV ID is useful.  If you forget the offset, it can be used to find your
+wallet data **(TBD)**.  The file 'random.dat' can now be uploaded to your
+favorite cloud storage service, for example (in a real-life situation you'd
+choose a less obvious offset than '123456789' though).
+
+Generate ten addresses with your hidden incog data:
+
+		$ mmgen-addrgen -G random.dat,123456789,256 32-42
+
+Sign a transaction with your hidden incog data:
+
+		$ mmgen-txsign -G random.dat,123456789,256 tx_ABCDEE[0.1].raw
+		...
+		Signed transaction saved to file tx_ABCDEE[0.1].sig
+
+Note that the seed length parameter here will always be '256' unless you're
+using a non-default seed length.
+
+
+
+### Test suite (unsupported - much of this functionality is now in 'mmgen-tool'):

 The test suite can be run from within the MMGen source directory.  You might
 find the following tests to be of interest: