Topic: Release - Open source software - replacing hardware wallets with image { - page 2. (Read 12610 times)

Okay, if you suspect an image contains a wallet, place the image into the app, then enter the password to decrypt the AES data.

It uses a mixture of cryptography (encrypting) and steganography (hiding). So if you suspect something, you now have to know the password to see if you'll get anywhere.

I guess my aim is to move the target from just wallet.dat files to everything such as: pictures, audio files, movies, videos! anything could contain a private key.

nice work, but I'd like to add a couple of general  comments on steganography which are very important for anyone who wants to use it to store real money.

First of all, steganography for now is  not nearly on the same level of security as cryptography.  In fact, *every* steganographic method can be broken with currently available stegoanalitic methods(which are typically statistical methods).  The only question is whether there is enough data, but practical amounts are sufficient (no astronomical figures like in crypto).
While it is easy to hide something in an image so that the image with hidden data looks the same to a human eye, it is so far practically impossible to hide anything from statistical analysis methods.


The only practical use of steganography is obfuscation. If you want to hide the fact that you are storing private keys on a machine from someone who is not too much intent on finding them, then it's useful. Otherwise it's not.  For example, a security agent at the border which decides to do a "random" Check of your laptop will probably not find anything. If there was a "tip off" on you - then they probably will.

Another note: these methods are typically very sensitive to any change in the image such as rescaling, change of resolution, not to mention printing/ scanning etc. Be careful and check in advance how much destortion the steganographic method is designed to handle (typically - no distortion).

The above are just general considerations, I didn't check which methods OP used. (Besides, there are off-the-shlef stego methods which you can use to hide any files, not only wallets/ private keys.)

...

Steganography looks like a great emerging technology that may become very important in safeguarding our BTC (not to mention our freedoms).

Please keep us up to date on your efforts, you are doing great work.    Two thumbs up!

The step after the next would be to make your software easy-to-use for us non-tekkies.

This is interesting... Have you tried to encrypt an image, print it, scan it and decrypt it? This would be epic if something like this was possible.

Great question, the software itself (or myself for that matter) don't even know how to detect which image contains steganography data. its all based on the password, if the data decryption process fails, then thats it. Its either you know the password, know it has someone in it, or you don't.


> I could introduce a package installer later. but it's pretty easy to install. Just download java, unzip the app & run it.
> A phone version would be great at least when we've added all the features that we didn't get to. It would also make it much more easy to use "on the fly"

Excellent work!  I haven't tried it yet but have a question:
You can load any image and your software detects if there's stenography?  Or is it based on let's say a password, then that password applies stenography techniques to pic?

What I'm getting at is can your code be modified and go through every pic on a computer and detect pics that have a wallet on them?

By the looks of it it will be more secure than a paper wallet because you would have to know that a certain picture contains private keys.

I downloaded the file but is there anyway to make it a simple exe or installer? im not too sure how to install it at the moment but would like to give it a try.

Edit:- also a phone version would be nice in the future where i could just select an image within my phone and then decrypt it and put the bitcoins straight into my wallet for instance mycelium.

Concept is cool. But I want to try it out ASAP.
Are you hiring beta testers for testing them out and reporting any bugs/loopholes if found? Let me know because I am highly interested in it.

Btw, on a scale of 1 to 10, how secure is this going to be compared to the well known traditional paper wallets?

Amazing work- this is awesome 

Thank you for posting this!
I've done some basic steganography and watched some presentations about it (Defcon, Blackhat etc)
It's a very interesting topic and certainly a cool technology.
I will check this out when I have some time later today.   

Great question!

At the moment, the passwords are converted to SHA1, divided by 2 and encrypted in AES 128-bit 2-times (because we can). It only exports as .JSON file, which is what electrum and blockchain.info uses. An option to export it as an encrypted BIP38 might be added. I'm pretty much brain-dead from working on this project.

BUT! I'm excited we've managed to produce a game-changing technology for the community!

This is fantastic. The fact that im not using paper wallets it's because they are an obvious target. If someone ever finds it it's like "hey guys, there's bitcoins here! let's pick this up". If they see some irrelevant picture of a cat or something, they will never guess there's a private key there.

The question is: Can you still add a password lip BIP38 paper wallets? There's no way im getting a paper wallet of any kind unless it requests a password to unlock it.

This is really cool.  This will probably be the most secure way of protecting your bitcoins without a hardware wallet until malware/hackers start to look for it.

Vinyl has been done before, though they are redesigning the website currently and have little information available on their website but the Coindesk article has much more:  

http://www.coindesk.com/new-sound-wallet-stores-private-keys-vinyl/
http://soundwallet.net/

Regardless, more competition is not a bad thing.

I have read about this technology before and it sounds like a really class move forward......

It all depends on how each software handles the images. Some websites purposefully degrade images to save disk-space. I don't think you'll have any problems. But if you do need validation, you can install apps such as HashStamp, then compare the image checksum to confirm that no changes has been made. I know 7zip allows you (on windows, with right-click) to check the "CRC SHA" checksum for files.

tl;dr: make sure the checksum values are verified each time you transmit the image file.

Im going to download it and give it a try once someone else can verify that the file is clean, No offense to yourself im sure it is but obviously better safe than sorry. Can i ask if i send a photo that has the wallet encrypted from say my pc to my phone then through various other devices will it still decrypt fine or will the picture quality degrade slightly and become unusable?  For instance if i send via whatsapp then it might resize the photo or compress it then i guess it will no longer work?

Audio files sounds awesome too, people could have bitcoins literally hidden everywhere.

It is great. The image has to be in a digital format. But please don't forget your password or the image you used!

We're looking at storing bitcoin wallets in audio files next, hopefully more options for stashing away bitcoin wallets will be out there

The software provides facilities to encrypt & decrypt your encrypted private key from the image. The encrypted data are not store as meta data, they are converted to 1's and 0's and added to the RGB data (colour) inside each pixel in an image (Steganography).

So in short, it increases the colour intensity, or reduces it (which is a form of storage) that can be used to store data. The best thing is, the image size should be absolutely the same!

This is all in all pretty amazing. So i can now store my bitcoins in a paper picture? Or does it have to be digital only? Either way this opens up some major possibilities for stashing away those coins in hard to find places. I might have to give this a whirl with a small amount just to see how it works exactly.

So how do I decrypt the successive image that is encrypted?
Isn't this one hell of a work to encrypt an image and decrypt it summarily?

And is there any way a user can steal the private key through the image's metadata? Or does it strip all the metadata before encryption?