Author

Topic: Turn photos into Bitcoin wallets (Read 541 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
April 28, 2022, 07:21:04 AM
#40
You are suspicious if you look and act suspicious. I don't know how you can avoid acting suspicious, but, for example, when I travel, I try to dress down as much as possible and wear the most "airport friendly" clothes, not too much metal on me, or plastic belt buckles, backpack with laptop and clear plastic envelope containing my travel documents clearly visible (maybe this is a mistake and should have shielded envelopes to prevent hackers from stealing my data wireless) ... I don't travel very much, but I've made about half a dozen international trips between South East Asia and North America over the past decade (so, like once every couple of years).

The most recent one being this year as I had to take care of father burial / cremation / praying and other issues.

Also knowing it could have been an issue, was prepared with as many pre-landing requirements as possible, online check-in, online vax QR codes and all that.

We all know random checks are never really random and if you are always getting random checked, it's either you are already on some list, or you just look "profile-able" and security is just discriminating and there is nothing you can do about it.

If you look different, smell different, walk and act different, sound different, you will get "random" checked and that's just the way it is.

If you travel with a laptop, tablet, or phone, you can stick in a microSD card in there without actually installing it (or it's just taped to the back of the battery; not visible).

Little piece of paper hidden together with your travel itinerary, boarding pass, passport and bunch of tourist looking documents? They probably won't bother opening it.

If you're coming from some 3rd world country and traveling to the US, and you are single, young, female, unemployed ... 100% guaranteed you'll get all your bags searched and have an interview with immigration officers.
legendary
Activity: 2212
Merit: 7064
April 28, 2022, 06:10:17 AM
#39
As for backups or traveling across dangerous international borders, can always scribble the seed words and hide it in your clothes / shoes / physical wallet. You'll have to get creative depending on your circumstances, but most people can travel in airports with a laptop or tablet with no issues.
They can always think you are suspicious and things you mentioned are probably the first places they will look to find if you hide anything.
In addition to writing seed words I would remember one or more passphrases and use main account only as decoy with smaller amount of coins, so even if they confiscate this it won't be worst thing that could happen.
This would help not only with customs while crossing borders, but also with unexpected case of getting attacked and robbed by someone.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
April 25, 2022, 09:54:59 AM
#38
If you really want to use photos, make a brand new one that no one else is going to ever use. Basically turn your camera into it's own TRNG. Don't use a phone or anything that can connect to anything, or make sure it is permanently offline.

As for backups or traveling across dangerous international borders, can always scribble the seed words and hide it in your clothes / shoes / physical wallet. You'll have to get creative depending on your circumstances, but most people can travel in airports with a laptop or tablet with no issues.
legendary
Activity: 2268
Merit: 18771
April 23, 2022, 09:36:11 AM
#37
If you want to allow someone to inherit your Bitcoin, there's a cost to it. Some way, you are definitely going to reduce your security, and open up an attack vector. However, while that is pretty unavoidable you should be trying to reduce that risk as much as possible, even if you can't completely mitigate it.
There are trustless ways to set up bitcoin inheritance though, which are far superior to anything which relies on the trustworthiness of either the inheritor(s) or a third party. Multi-sig between a bunch of friends and relatives can work, but you then have to be absolutely sure that a threshold number of these people won't try to steal from you. Splitting between friends/relatives and a will held by a reputable law firm is probably a bit more secure, but it still isn't trustless by any means.

Timelocked transactions, on the other hand, can be completely trustless. The person in possession of the timelocked transaction (if you choose to give it to them before you die and not just lock it in a safe in your house, for example), cannot use that transaction to steal from you. As long as you either invalidate the transaction by moving any of the inputs before it is valid, or destroy it if it is safely secured and no one has accessed it, and then replace it with a new one, then this is a trustless way to set up your inheritance.
staff
Activity: 3304
Merit: 4115
April 21, 2022, 06:15:04 PM
#36
That won't work for all words. I made a test-seed, and one of the words is "that". You can't print a picture of "that".
Not without getting super creative, which would likely result in either over complicating things or not making things complicated enough, i.e taking a picture of a bunch of skittles which spells out the word "that". Obviously, it would defeat the point of this.

Although, if you're doing this for inheritance sake you could potentially just generate a new wallet, until you get a seed which you can include pictures of. Since, there won't be any Bitcoin it in at this point.

Obviously, I think I made it clear before that I'm pretty against this method, and as above it's just better to go the will route. If you want to allow someone to inherit your Bitcoin, there's a cost to it. Some way, you are definitely going to reduce your security, and open up an attack vector. However, while that is pretty unavoidable you should be trying to reduce that risk as much as possible, even if you can't completely mitigate it.
legendary
Activity: 2268
Merit: 18771
April 21, 2022, 02:08:41 PM
#35
-snip-
But why? By doing all that you are introducing additional risk that someone figures out your system and steals your coins, as well as additional risk that your family forget the system or forget how to decipher the photos. So higher risk of theft and higher risk of loss.

If you want to leave something to a family member while also requiring something from your will as in your example, then either hand them an encrypted seed phrase with the decryption key in your will, or hand them one seed phrase from a 2-of-2 multi-sig with the other one in your will.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 21, 2022, 06:35:34 AM
#34
Well this project actually gave me an idea to hide a 12 word seed, by simply creating a Coffee table book with pictures that has all the words in the Seed in front of you, but not actually showing that it is a 12 word seed.
That won't work for all words. I made a test-seed, and one of the words is "that". You can't print a picture of "that".
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
April 21, 2022, 05:18:06 AM
#33
Well this project actually gave me an idea to hide a 12 word seed, by simply creating a Coffee table book with pictures that has all the words in the Seed in front of you, but not actually showing that it is a 12 word seed.

You can tell your family in your "Will" to take the Coffee table book with pictures on the shelve to decipher your 12 word Seed for your coins.. and they will be able to get access to your wallet.

Just leave instructions and clues in your "Will" ...so that nobody else with access to it, will be able to use it. (Example : My first Coffee table book are left to my brother John" ..... John will know what to do with that information, because he knows about the Book and you have shown him in advance how to use seed phrases.  Wink
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
April 20, 2022, 11:42:49 PM
#32
My main concern on this is: People might get an idea of storing a (physical) printed picture in their vault as the backup
and use the original/scanned image file to make a key pair.
Since there's already a physical backup, they might consider deleting the original image.

That wont work since a scanned image wont have the same hash as the original image used to create the key pair.
Every scan will also produce a slightly different image, thus, different hash.
Without the original image file that processed by this tool, users wont be able to recover their funds.
legendary
Activity: 1988
Merit: 1317
Get your game girl
April 20, 2022, 05:52:21 PM
#31
The good part is, the author of the lib already knows it and is mentioned on the ReadMe. This is like a blueprint to create a more secure system based on the analogy here

Quote
The image to hash function is probably more secure than a single word, however, that doesn't mean that this is overall more secure than traditional seed phrases, in fact, it probably is less secure. There are other ways someone could try and steal another user's seeds.

How about we use mp4/video files and process random timestamps to create a more secure way of storing seeds? 
legendary
Activity: 2212
Merit: 7064
April 20, 2022, 09:09:22 AM
#30
This is to have fun with it, to have an extra backup method that looks nice. It's similar to how cool it is that you can memorize your seed phrase, basically storing your wealth in your mind. Sure, you also should have the standard backups, but these extra methods are interesting and fun to have as well.
Storing stuff in your brain memory is probably worst thing you can do long term, and I would never do it myself.
I know that with age your memory gets worse and everyone is starting to forget memorized things more often as they get older.
As a temporary solution memorizing seed phrase can be useful, or in case when you are crossing a border and you don't want to bring any paper/metal backup, but that is it.
legendary
Activity: 2268
Merit: 18771
April 20, 2022, 02:46:30 AM
#29
This is to have fun with it, to have an extra backup method that looks nice. It's similar to how cool it is that you can memorize your seed phrase, basically storing your wealth in your mind. Sure, you also should have the standard backups, but these extra methods are interesting and fun to have as well.
I would say the two are not comparable.

We all know that memorizing your seed phrase is a poor back up. But, if you want to take a seed phrase which was securely and randomly generated and try to memorize it in addition to having proper paper back ups, then that's fine. There is a small additional security risk (in that you could accidentally reveal it when drunk, for example, or that you might take less care with your proper back ups since you are falsely reassured by your memory), but ultimately, remembering it in addition to proper back ups is unlikely to cause you any harm.

This method is different, however. You cannot take a securely and randomly generated seed phrase and encode it in to pictures using this method. You must first start with pictures, use them to generate a wallet, and then extract the seed phrase from that wallet (if that is even possible at all - I've not examined the code but the screenshots show the tool spitting out a raw private key rather than a seed phrase). A couple of pictures from your hard drive is not a true source of entropy, and whatever it generates will not be as secure as a properly generated seed phrase. Not to mention that many people would use this on an online computer, leave traces or logs of what they have done, back up the pictures online, and so on.

It's an interesting concept, but no one should actually use it to store any coins unless you are fully willing to lose them all.
hero member
Activity: 1008
Merit: 960
April 19, 2022, 06:19:50 PM
#28
I think many here are missing the point.

This is to have fun with it, to have an extra backup method that looks nice. It's similar to how cool it is that you can memorize your seed phrase, basically storing your wealth in your mind. Sure, you also should have the standard backups, but these extra methods are interesting and fun to have as well.
legendary
Activity: 2268
Merit: 18771
April 19, 2022, 09:06:22 AM
#27
That way you would be able to crop, resize, and change the appearance of the photo a bit, and still be able to recover the wallet, as the deep learning model would still generate the correct word for each photo.
And then you also need to back up your deep learning model, and hope it doesn't make any mistakes when identifying your pictures.

Problem is how to make something obvious and hidden in the same time... maybe making something like QR code artwork and only small section would work for scanning Smiley
If your goal is to have a picture on your wall which can somehow be used to recover your wallet, then the safest way to do this would be to simply write your seed phrase (encrypted, if you like) around the edge and then put it inside a frame which covers your writing.

Every additional suggestion on top of the original idea is simply adding layers upon layers of complexity without actually adding any more security. The most likely outcome from one of these complex ideas is that you lock yourself out of your wallet by mistake.
legendary
Activity: 2212
Merit: 7064
April 19, 2022, 08:43:14 AM
#26
Not using this method. It doesn't matter how good quality your prints are or how high tech your scanner is, if you scan to the exact same resolution in the exact same format with the exact same metadata - the file your scanner generates will never match the file you originally used. The picture in the file might look the same, but even a single pixel off by an imperceptible degree and your hash output will be different.
Maybe using some kind of QR code or something similar that would be incorporated inside picture would work.
You don't really have to use complete picture for scanning, but just one smaller part and it doesn't really matter what resolution you use in this case.
Problem is how to make something obvious and hidden in the same time... maybe making something like QR code artwork and only small section would work for scanning Smiley

This reminds me of a Bitcoin puzzle a few years back, which was called 'The Legend of Satoshi Nakamoto'.
This was $50,000 just few years ago, and it can have much different value in future!
Bitcoin puzzles are fun but there is always someone smarter than creator who could solve them, and I don't want that with my private keys or seed words Wink
I know there are many ways of hiding information inside digital photos but it's obviously much harder to do that with real life photos.

hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
April 18, 2022, 09:43:30 PM
#25
My question is could you actually use custom made photo(s) that you could print and hang on your wallet as a piece of art in obvious place, but that art would hide bitcoin inside?
Scanning photo(s) would give you access to your keys, and you could even make mini printed version and keep it in your wallet, for international travels.
I wouldn't keep anything important on cloud aka someone else computer, even if files are encrypted.
This reminds me of a Bitcoin puzzle a few years back, which was called 'The Legend of Satoshi Nakamoto'.

At the time of solving, it contained more than 5BTC. It looks pretty nice as well.
hero member
Activity: 1008
Merit: 960
April 18, 2022, 09:15:39 PM
#24
Not sure how this project in particular encodes the images to generate the wallet, but in theory you could be able to train a deep learning model to describe each photo with a word from the seed phrase.

That way you would be able to crop, resize, and change the appearance of the photo a bit, and still be able to recover the wallet, as the deep learning model would still generate the correct word for each photo.

I would still only use this as a novelty only thing, since it's not really secure.
legendary
Activity: 2268
Merit: 18771
April 18, 2022, 02:13:58 PM
#23
My question is could you actually use custom made photo(s) that you could print and hang on your wallet as a piece of art in obvious place, but that art would hide bitcoin inside?
Scanning photo(s) would give you access to your keys, and you could even make mini printed version and keep it in your wallet, for international travels.
Not using this method. It doesn't matter how good quality your prints are or how high tech your scanner is, if you scan to the exact same resolution in the exact same format with the exact same metadata - the file your scanner generates will never match the file you originally used. The picture in the file might look the same, but even a single pixel off by an imperceptible degree and your hash output will be different.

You could maybe put a bunch of files on a digital photo frame (as long as you are sure the photo frame doesn't compress them or similar) and still recover the same wallet from them, but I still wouldn't suggest it given the reasons we've discussed above.
legendary
Activity: 2212
Merit: 7064
April 18, 2022, 12:55:18 PM
#22
I like the idea and apart from security issues, would it actually take off??
Interface of this project reminds me on dreadful google captchas (that we are all tired from), but it could be useful for storing smaller amount of coins aka for pocket wallet.
Even on his github page he is saiyng that this method is less secure than generating regular seed phrases, but I have to admit that using phots is real simple way of doing it.
Problem I see with this approach is that some AI program could possible crack this much easier than normal seed words, using some photo recognition software.

My question is could you actually use custom made photo(s) that you could print and hang on your wallet as a piece of art in obvious place, but that art would hide bitcoin inside?
Scanning photo(s) would give you access to your keys, and you could even make mini printed version and keep it in your wallet, for international travels.
I wouldn't keep anything important on cloud aka someone else computer, even if files are encrypted.

hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
April 17, 2022, 06:09:00 AM
#21
Maybe you could zip up like 1000 pictures and upload that to cloud storage.
And you are 100% sure that your cloud storage won't do anything at all to that file? And you are 100% sure that unzipping will create the exact same files as before? Bear in mind that even changing a singe bit anywhere renders your wallet lost and essentially impossible to recover. Too risky.
I also said the following, though... Grin
You can upload that zip to many places, copy it to a few hard drives and such.
I may be wrong on this, but I'm pretty sure that you can't alter a zip archive (other than opening it and archiving the contents again) without making it unusable. Sure, you could modify its metadata, but that won't alter the files inside of it. I'm also pretty sure it has error correction, so a password-protected zip archive stored in multiple places could work.

Maybe it wasn't clear, but I myself wouldn't use it and don't recommend using such a scheme.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 17, 2022, 03:33:40 AM
#20
Maybe you could zip up like 1000 pictures and upload that to cloud storage.
And you are 100% sure that your cloud storage won't do anything at all to that file?
Never rely on only one backup Smiley
legendary
Activity: 2268
Merit: 18771
April 17, 2022, 03:20:00 AM
#19
Maybe you could zip up like 1000 pictures and upload that to cloud storage.
And you are 100% sure that your cloud storage won't do anything at all to that file? And you are 100% sure that unzipping will create the exact same files as before? Bear in mind that even changing a singe bit anywhere renders your wallet lost and essentially impossible to recover. Too risky.

If one doesn't understand or comprehend "write this 12 words down and store them securely to restore your wallet in case you lose or damage your fondle slab." will (s)he understand why to remember 12 images and pray they don't get lost or altered? I guess not.
This is my argument every time someone comes up with some new back up method which is supposed to be more user friendly or easier to use. I would just arguing this in another thread in relation to Block's new multi-sig wallet they are releasing with (apparently) no seed phrases. How much more user friendly can you get than "Write this down and keep it safe". It is so simple and yet so secure.

But , there’s something still niggling at me  - I can pretty much generate a wallet out of anything - I like the idea of taking a picture of The Mona Lisa and generating a wallet from it for example. That would be pretty damn cool .
Cool, sure, but far less secure than a properly generated wallet using a true source of entropy. Although if you do use this kind of system to generate a wallet (which I wouldn't recommend), then far better to turn your (insecure) entropy source in to a seed phrase and back that up instead.
legendary
Activity: 2114
Merit: 1323
Bitcoin needs you!
April 17, 2022, 02:55:10 AM
#18
It seems the general consensus is the security issue and also the fact that “if it ain’t broke, don’t fix it”.
I’ve learnt a lot from this thread and makes me realise AGAIN that there’s always more to learn.
But , there’s something still niggling at me  - I can pretty much generate a wallet out of anything - I like the idea of taking a picture of The Mona Lisa and generating a wallet from it for example. That would be pretty damn cool . Don’t worry I won’t though . Thanks for all the info folks  Smiley
legendary
Activity: 1612
Merit: 1608
精神分析的爸
April 16, 2022, 04:30:31 PM
#17
Thanks for bringing this up Mbitr, but I think it is a very bad idea in many ways.

First of all this caught my attention:

The current system we have is perfect, you don't really need to remember your seed..
I could not agree more to that the system we have is perfect, I might add it is also simple and secure.

If one doesn't understand or comprehend "write this 12 words down and store them securely to restore your wallet in case you lose or damage your fondle slab." will (s)he understand why to remember 12 images and pray they don't get lost or altered? I guess not.

IMO the general idea of backing up your valuable data (which a seed seems to be the perfect example of) on a single cloud provider is a very bad concept by itself.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
April 16, 2022, 02:22:33 PM
#16
Deriving randomness from picture(s) isn't a bad idea, and it's a feature of SeedSigner, if I remember correctly.
Using it for backup is tricky, as was mentioned. I can definitely see people taking screenshots of the relevant pictures or sending them via a messenger, which in 99% of cases alters the image hash and makes the backup unrestorable.

As for remembering which image it was, it can be actually hidden in plain sight, like printing it out and keeping it in your wallet or hanging a large print on a wall. But you definitely need to be able to retrieve the actual file from which the randomness was generated and I'm not sure how to accomplish it. Maybe you could zip up like 1000 pictures and upload that to cloud storage. If needed, download the zip and unpack it, that should return the original 1000 images and then pick the right one (by looking at the wall) to restore your wallet.
Something like this should pretty surely work. You can upload that zip to many places, copy it to a few hard drives and such. Especially if this is not a commonly used / standardized scheme, this 'security by obscurity' approach might work nicely.

Only issue is as with all 'custom crypto' (don't roll your own crypto), if let's say you pass away and your family knows nothing about this scheme, they won't randomly think to unzip a file from your cloud storage, take the image that is hung in your office and pass it through a program from GitHub to restore a Bitcoin wallet.
Instead, if they find some paper with 12 words, they might look online and find out this is a Bitcoin wallet seed.

Of course, you yourself might also forget how you generated that wallet if you find your backup again after decades and maybe already have symptoms of dementia.
staff
Activity: 3304
Merit: 4115
April 16, 2022, 02:19:51 PM
#15
Personally, I think it's a terrible idea, and o_e_l_e_o pretty much nails it on the head on why. The current system we have is perfect, you don't really need to remember your seed, however if you choose to you could go, and learn the "loci" memorisation technique, which I've given a little example below of.

The current system is random, and therefore you aren't going to be including common household items, that someone could just sit in their room, since my room will likely be the same as yours, there or about. So, randomisation, as much random as possible is always best, then all you have to do is have a secure system put in place of storing it, which varies from user to user.

We don't need to keep coming up with fancy ways of generating the seeds, it's fit how it is.

I think Photo Seeds has a fundamental flaw:
Quote
Odds are much higher that someone will remember a photo or a number of photos, and the order of those photos before they remember 12 random words.
If you've ever played the memory game (kids are much better at it than adults), you'll know you can barely remember a few pictures. And every new picture you see makes it more confusing.
While I do agree with the majority here, photo seeds or generating a seed via photos isn't a good idea mainly due to the metadata issues brought up, I've always thought that pictures are easier to remember than words. In fact, a common memorisation technique "loci" is basically assigning whatever you want to remember in a particular order, and basically imagining images in your mind.

For example, a logical one is a house, which is located on 12 seed lane (imagine a street sign), then you memorise the rooms, so first you go to the front door (word number 1), and you picture a massive red door, then you enter, and go through door number two, which upon entering you picture a donkey playing drums (second word "drums"). So on, and so forth, recommended that you imagine some pretty weird pictures, since you'll better remember them. Point being, images are much easier to remember than some random word.
legendary
Activity: 2268
Merit: 18771
April 16, 2022, 01:05:37 PM
#14
How is this better than just taking a picture of 12 seed words, and storing that on the cloud? It would be trivially easy to hash all hacked data to check if it returns a balance. At least a picture of 12 actual words will have some captcha qualities.
It's security through obscurity, which is not a great way to store your seed phrase or anything sensitive, but if someone was to break in to a cloud storage account with say 10 GB of data on it, then a hash of a few photos in a specific order will take an attacker much longer to figure out (unless they know exactly what they are looking for) than a .txt file with a seed phrase in it. If your privacy is top notch and an attacker has absolutely no idea you are involved in bitcoin at all and just happens to break in to your account, then they probably won't waste their time trying this method since the hit rate would be so low.

But, even with all that considered, I would still never do this for all the reasons I listed above. There is far too much that can very easily go wrong for the very small additional security it brings. Far better to write down your seed phrase on paper. If you want to store your seed phrase electronically, then far better to encrypt it with a strong encryption key than to come up with some crazy encoding scheme involving hashing specific pictures in a specific order.

I mean, some people may remember photos much better than seed words i believe, and everyone and his own capabilities and all, like memory is flexible and different from one person to the other.
But seed phrases are not supposed to be remembered. Swapping from remembering 12 words to remembering x number of pictures in a specific order and the algorithm you used to turn them in to a wallet is no better.
jr. member
Activity: 47
Merit: 3
April 16, 2022, 12:11:07 PM
#13
I like the idea and apart from security issues, would it actually take off??
Security issues are the main problem, so I hope this won't take off Tongue
My first idea when reading the title was to sha256 an image file, enter that into Bitaddress.org's Wallet Details tab, and get a private key. It's easy! But creating a backup is not easier than backup up a "normal" wallet.

I think Photo Seeds has a fundamental flaw:
Quote
Odds are much higher that someone will remember a photo or a number of photos, and the order of those photos before they remember 12 random words.
If you've ever played the memory game (kids are much better at it than adults), you'll know you can barely remember a few pictures. And every new picture you see makes it more confusing.

I mean, some people may remember photos much better than seed words i believe, and everyone and his own capabilities and all, like memory is flexible and different from one person to the other.
However, kinda a good implementation, looking forward on how the project will turn into.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
April 16, 2022, 12:05:33 PM
#12
The thing is that it's only you who will know which is the file (or files) needed for the seed. It can be stored on USB sticks, or even better, on cloud, without anybody knowing what's that for. I find it a not-so-bad way to store your seed.
How is this better than just taking a picture of 12 seed words, and storing that on the cloud? It would be trivially easy to hash all hacked data to check if it returns a balance. At least a picture of 12 actual words will have some captcha qualities.

Because it's only you who will know what those file are for (unless you store them together with wallet, unless you name them seed1.jpg...seed12.jpg), unlike storing a seed or a picture of the seed.

I mean, if I put into Dropbox a folder with 5-10 jpeg files, it's only me who will know that they're more than nice memories. (of course, as o_e_l_e_o pointed it out very good, online services tend to mess with image files, but let's ignore that for now). Unlike a backup of the seed containing the actual seed, a file is a file, really. And if you want to tell otherwise, I can tell you that I have over 3000 pictures on cloud, so if one wants to guess a seed based on (some of) those.. it won't be easy.

I find it less secure because the owner may forget the logic of his "hidden HD seed" than because one would start hashing and mixing those files to get the seed off them.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 16, 2022, 11:33:45 AM
#11
The thing is that it's only you who will know which is the file (or files) needed for the seed. It can be stored on USB sticks, or even better, on cloud, without anybody knowing what's that for. I find it a not-so-bad way to store your seed.
How is this better than just taking a picture of 12 seed words, and storing that on the cloud? It would be trivially easy to hash all hacked data to check if it returns a balance. At least a picture of 12 actual words will have some captcha qualities.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
April 16, 2022, 11:10:46 AM
#10
If you take one photo and sha256 the a few MB jpg, I'm pretty sure that won't ever be reproduced. But you'll need to keep the file secure

It's 100% clear that the file has to be kept securely. The thing is that it's only you who will know which is the file (or files) needed for the seed. It can be stored on USB sticks, or even better, on cloud, without anybody knowing what's that for. I find it a not-so-bad way to store your seed.

With no checksum or error correction built in, it then becomes essentially impossible for the user in question to recover their wallet.

You are indeed very right on this. The user will have to keep the seed-source super safe. Even more, he will have to also keep super-safe the code that generates the seed from the source files and.. yeah, they should not be stored together.



It is an ingenious way imho. And some may like it. But it's also super risky, especially for really long term (like any non-standard way to keep the seed, after all). You guys are right.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 16, 2022, 10:48:52 AM
#9
I'd guess that the hash of a number of files can give stronger seed than from some words, but I am not good at this.
If you take one photo and sha256 the (a few MB large) jpg, I'm pretty sure that won't ever be reproduced. But you'll need to keep the file secure, which basically brings you back to square one. Anything can be turned into a hash Smiley

Example:
Code:
I'd guess that the hash of a number of files can give stronger seed than from some words, but I am not good at this.
sha256: 52030939dd434020d77b86f83a6cbc462b1021e41550797253cbba551b291dfc
Bitaddress: 1MNwEcFgZXi3ukqui1SUD6NQ12JHFL6XjJ
But given the no doubt high hash rate of no doubt many people continuously trying to brute-force Bitcoin addresses, I wouldn't risk my money on anything ever published.
legendary
Activity: 2268
Merit: 18771
April 16, 2022, 10:47:44 AM
#8
Conclusion: it can become an interesting project, but it may be better to not be linked to the idea of photos, it may be better with (any) actual files. It avoids confusion and other possible problems.
The problem remains that any tiny change to the file in question will radically change the output of the hash and therefore generate a totally different wallet. With no checksum or error correction built in, it then becomes essentially impossible for the user in question to recover their wallet.

You use a bunch of photos to generate a wallet, great. You then decide to back up those photos to a USB stick, but your OS didn't copy all the metadata. Wallet lost. Maybe you back them up to some cloud storage, but the cloud storage automatically converts them all to .jpg or to a standard resolution or changes the metadata to attach the name of their service to the photo somehow. Wallet lost. Perhaps you do something as simple as rotate or crop one of the images. Wallet lost. This is far easier for an average user to get wrong than writing down a seed phrase.

Using any other files still poses the same risk from all the metadata that most average users don't even know exists, plus opens the door to using very insecure "entropy", such as a .txt file of some famous quote.
legendary
Activity: 2114
Merit: 1323
Bitcoin needs you!
April 16, 2022, 10:37:43 AM
#7
Thanks for the informative replies folks.
I’m not very technical, but I get the gist. Think I’ll probably stick to the basics and I presume most wallet users will as well  Smiley
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
April 16, 2022, 10:25:02 AM
#6
A brain wallet (also not recommended) could work from photos and other objects too: on the wall in my living room from left to right I see: Heater Speaker Bob Alice TV Speaker Fireplace Wedding Lamborghini Piggybank Drawer Litterbox and Curtain. Enter it into Bitaddress: 1pZNXZ6PUfpHjmgcQhcYkEVJnMStJfj7C!
As long as you don't change your living room, you can probably recover these funds. But it's not the most secure storage system.

Indeed. But is it not-so-safe because the list of English words, or is it because they're objects in your house? I mean that if one uses this "trick" with a list of (image) files, somebody else will also have to know that the seed comes from a list of files. I'd guess that the hash of a number of files can give stronger seed than from some words, but I am not good at this.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 16, 2022, 10:17:30 AM
#5
Imho the current implementation can be considered flawed, since one may want to print the photos that make the seed, for example, for remembering easier.
A brain wallet (also not recommended) could work from photos and other objects too: on the wall in my living room from left to right I see: Heater Speaker Bob Alice TV Speaker Fireplace Wedding Lamborghini Piggybank Drawer Litterbox and Curtain. Enter it into Bitaddress: 1pZNXZ6PUfpHjmgcQhcYkEVJnMStJfj7C!
As long as you don't change your living room, you can probably recover these funds. But it's not the most secure storage system.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
April 16, 2022, 09:43:11 AM
#4
I think Photo Seeds has a fundamental flaw:
Quote
Odds are much higher that someone will remember a photo or a number of photos, and the order of those photos before they remember 12 random words.
If you've ever played the memory game (kids are much better at it than adults), you'll know you can barely remember a few pictures. And every new picture you see makes it more confusing.

Well, one can easily have a few super-memorable photos he wants to turn into wallet. He won't have to remember how the photo looks like.
Like "the main photo from my wedding", "the first photo with my boy" and so on. But.. your point is valid because nowadays one may have 20 photos with the first day of his kid, and then the things indeed get confusing.

---
Also, in case nobody noticed:

How can we make idea even better?
Use bitmaps instead of files

Imho the current implementation can be considered flawed, since one may want to print the photos that make the seed, for example, for remembering easier.
(Of course, it can be seen as a feature too, since one may want to do this from certain historic files - the images of his first few floppy disks, or the first version of whatever application and so on)

Back to the images: if the implementation gets corrected/improved as the dev wants... I am not so sure if a 4k photo and its scaled down to 2MP version would return the same seed.

---
Conclusion: it can become an interesting project, but it may be better to not be linked to the idea of photos, it may be better with (any) actual files. It avoids confusion and other possible problems.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 16, 2022, 07:24:24 AM
#3
I like the idea and apart from security issues, would it actually take off??
Security issues are the main problem, so I hope this won't take off Tongue
My first idea when reading the title was to sha256 an image file, enter that into Bitaddress.org's Wallet Details tab, and get a private key. It's easy! But creating a backup is not easier than backup up a "normal" wallet.

I think Photo Seeds has a fundamental flaw:
Quote
Odds are much higher that someone will remember a photo or a number of photos, and the order of those photos before they remember 12 random words.
If you've ever played the memory game (kids are much better at it than adults), you'll know you can barely remember a few pictures. And every new picture you see makes it more confusing.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
April 16, 2022, 07:12:53 AM
#2
I immediately thought that this was like selling your photos, but now I understand. It's a great idea to have, and you would only need to have the original combination of photos with it or something.

Would there be a sequencing with it or something with all of the metadata of the single image to produce the seed?
legendary
Activity: 2114
Merit: 1323
Bitcoin needs you!
April 16, 2022, 07:05:46 AM
#1
I just came across this .. how to turn photos into a Bitcoin wallet and it had me quite intrigued

https://github.com/mikemilla/photo-seeds by Mike Miller on GitHub

I’m not him and not affiliated in any way - FYI.
It just caught my eye and was thinking if this actually has a use case or is it just a bit of fun.

I like the idea and apart from security issues, would it actually take off??






Jump to: