A brain wallet (also mind wallet etc) is a method to store Bitcoin without any software, just by the power of one's mind as it were.
The idea is overpoweringly simple : since Bitcoin is deterministic in the correct directions, any arbitrary string properly hashed produces a perfectly valid Bitcoin address. He who is in the possession of the original string can subsequently spend any Bitcoin associated with that address. All you have to do is remember the string.
Unlike the usual wallet but like the paper wallet, a brain wallet is immune to hackers, trojans and such (for most of its lifetime at least - obviously at some time the private key will have to touch a computer if you're going to spend the Bitcoin). Unlike the paper wallet, a brain wallet is immune to being stolen, catching on fire, becoming smudged or simply disappearing through agei.
The problems with the brain wallet are twofold. On one hand, it can be forgotten. This may seem unlikely to happen to you - after all you don't seem to remember ever having forgotten anything - but suppose you have a stroke. Can you know for certain you won't have a stroke in the future ? Suppose you sustain a skull fracture, such as for instance in a car crash, or some domestic accident. Can you know for certain no brick will ever fall on your head ? Memory loss is a fact of life, it can happen.
On the other hand and not unrelatedly, the passphrase has to be strong. A brain wallet based on remembering the secret code "strawberries" isn't a very good brain wallet, even if you don't forget it. The reason is that a number of people also won't be forgetting strawberries, and it's certainly possible that some other guy one day just decides to use that passphrase for his brain wallet, triggering de facto marriage and pooling of assets between you two. And you don't even know the guy!
Tinkering with these problems a novel idea suddenly occurred to me. You could write a bit of software that takes a picture, picks four random numbers and spits out a key. That's your key.
In order to ever use it you'd need the original image and the four numbers (which, as you might have guessed, are X and Y start point and offset defining a rectangular section of the image). If you lose one of the four numbers but still have the image you could bruteforce a solution in maybe a few hours. If you lose all four you could probably still bruteforce a solution within weeks. If you lose the image however, you're screwed.
The advantages of this approach are shared with the titular steganography, and could be summed up as plausible deniability. 555-2331 and 555-5822 could easily sit in your phone as the phone numbers of "Molly" and "Betty Sue", even if they in fact are the start and offset coordinates of your secret key base. The image could sit quietly in a camera among ~500 other stupid vacation pictures. Thus hidden they are indeed very, very safe, especially if you never tell anyone about this little secret of ours.
Who'd suspect anything ? And if anyone suspected something what could they do about it ? Just take a lot of vacation pictures, like everyone else, and save phone numbers in your phone directory, also like everyone else.
You don't really need to save the program that'd do the processing, it can be hacked together in less than half an hour if you know anything about talking to computers. And if you don't... Actually, if you don't know anything about talking to computers my best advice to you is "marry someone who does". Definitely.———
- Speaking of which, not all inks, not all papers and not all ink-paper combinations are safe for indefinite archival, especially if what you're archiving are series of small dots. Think for a moment about the problems of OCR and how often you see typos in machine-digitized printed matter, then realise that letters are comparatively easier to get right than QR codes. If you're using a paper wallet use good paper (not acidic), good ink (not cheap refills) and make the dots big. An 8x size QR code still fits on A4. [↩]