Steganography, or the simple yet strong brain wallet

Tuesday, 19 March, Year 5 d.Tr. | Author: Mircea Popescu

A brain wallet (also mind wallet etc) is a method to store Bitcoin without any software, just by the power of one's mind as it were.

The idea is overpoweringly simple : since Bitcoin is deterministic in the correct directions, any arbitrary string properly hashed produces a perfectly valid Bitcoin address. He who is in the possession of the original string can subsequently spend any Bitcoin associated with that address. All you have to do is remember the string.

Unlike the usual wallet but like the paper wallet, a brain wallet is immune to hackers, trojans and such (for most of its lifetime at least - obviously at some time the private key will have to touch a computer if you're going to spend the Bitcoin). Unlike the paper wallet, a brain wallet is immune to being stolen, catching on fire, becoming smudged or simply disappearing through agei.

The problems with the brain wallet are twofold. On one hand, it can be forgotten. This may seem unlikely to happen to you - after all you don't seem to remember ever having forgotten anything - but suppose you have a stroke. Can you know for certain you won't have a stroke in the future ? Suppose you sustain a skull fracture, such as for instance in a car crash, or some domestic accident. Can you know for certain no brick will ever fall on your head ? Memory loss is a fact of life, it can happen.

On the other hand and not unrelatedly, the passphrase has to be strong. A brain wallet based on remembering the secret code "strawberries" isn't a very good brain wallet, even if you don't forget it. The reason is that a number of people also won't be forgetting strawberries, and it's certainly possible that some other guy one day just decides to use that passphrase for his brain wallet, triggering de facto marriage and pooling of assets between you two. And you don't even know the guy!

Tinkering with these problems a novel idea suddenly occurred to me. You could write a bit of software that takes a picture, picks four random numbers and spits out a key. That's your key.

In order to ever use it you'd need the original image and the four numbers (which, as you might have guessed, are X and Y start point and offset defining a rectangular section of the image). If you lose one of the four numbers but still have the image you could bruteforce a solution in maybe a few hours. If you lose all four you could probably still bruteforce a solution within weeks. If you lose the image however, you're screwed.

The advantages of this approach are shared with the titular steganography, and could be summed up as plausible deniability. 555-2331 and 555-5822 could easily sit in your phone as the phone numbers of "Molly" and "Betty Sue", even if they in fact are the start and offset coordinates of your secret key base. The image could sit quietly in a camera among ~500 other stupid vacation pictures. Thus hidden they are indeed very, very safe, especially if you never tell anyone about this little secret of ours.

Who'd suspect anything ? And if anyone suspected something what could they do about it ? Just take a lot of vacation pictures, like everyone else, and save phone numbers in your phone directory, also like everyone else.

You don't really need to save the program that'd do the processing, it can be hacked together in less than half an hour if you know anything about talking to computers. And if you don't... Actually, if you don't know anything about talking to computers my best advice to you is "marry someone who does". Definitely.

  1. Speaking of which, not all inks, not all papers and not all ink-paper combinations are safe for indefinite archival, especially if what you're archiving are series of small dots. Think for a moment about the problems of OCR and how often you see typos in machine-digitized printed matter, then realise that letters are comparatively easier to get right than QR codes. If you're using a paper wallet use good paper (not acidic), good ink (not cheap refills) and make the dots big. An 8x size QR code still fits on A4. []
Category: Bitcoin
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

6 Responses

  1. smickles`s avatar
    Tuesday, 19 March 2013
    It will happen.

  2. Mircea Popescu`s avatar
    Mircea Popescu 
    Tuesday, 19 March 2013


  3. Turning a photo of an everyday object (vs. a specially-constructed, two-dimensional object like a QR code) into a usable key that can be recovered by taking a similar photo is considerably harder than it sounds. Try to actually do it, and you will see why.

  4. Mircea Popescu`s avatar
    Mircea Popescu 
    Tuesday, 19 March 2013

    Depends on what exact heuristics you use in the image interpretation. Certainly any sort of bitmap approach will fail (but this discussion interestly plugs into the older one).

  5. A better solution is a multisig brain wallet.

    Make a 5 of 5 multisig wallet using keys from 5 very easy to remember brain wallets.

    You could even write the individual passphrases down and keep them in separate locations if you wanted to.

    Much easier and much more secure.

  6. Mircea Popescu`s avatar
    Mircea Popescu 
    Wednesday, 25 March 2015

    And how do you figure ?

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.