# Short Meeting of Address-Gen ## Participants - Andrea - Louay - Bing ## The story of Address-Gen (By Andrea) - Repo: https://github.com/iotaledger/address-generator - Patch: https://github.com/iotaledger/address-generator/blob/master/iri156.patch The idea is the following: once we discovered the M bug back in the days we decided to snapshot away funds that were at risk of being stolen, to protect users. For users to reclaim their money, we asked them to use a special reclaim tool and sign a certain bundle on the Tangle that contains an encrypted seed. An attacker that is trying to crack the private key for a certain WOTS address would be able to sign a transaction on that address, but not to provide a seed! Since only the real owner would know the seed corresponding to a certain address, the tool will fetch the encrypted seed, decrypt it and then generate a bunch of addresses until matching the claimed one (hence the name address-generator). If the address the user is claiming can be generated from the seed he provided, it means that the address was indeed his! This is pretty much the idea of that ugly IRI .patch and address-generator stuff. everything starts from a tag final Hash EXPECTED_TAG = HashFactory.TAG.create("RZAFHLHZMNJQJGMTKVSRTHAPRJL"); ## Code going through - Going through the codes w/ shared screen ## Questions - `HashFactory.TAG.create("RZAFHLHZMNJQJGMTKVSRTHAPRJL");` - Does it hash the tag or the tag is exactly `RZAFHLHZMNJQJGMTKVSRTHAPRJL`? - Exactly `RZAFHLHZMNJQJGMTKVSRTHAPRJL` - In the `outputProofs` I just saw the program scans the whole tangle and collect the txs which tag equals EXPECTED_TAG - The steps: - Fetch the encrypted seed - Where in the codes? - Don't needed => The tag is fixed - Decrypt it and then generate a bunch of addresses until matching the claimed one - Where in the codes? - Don't needed => The tag is fixed