Protecting your Bitcoin Wallet Recovery Seed with Stegonography and Encryption

Bitcoin and Stegonography

 

Bitcoin wallets already contain methods for encrypting your wallet private keys and recovery seed words with a passphrase. So if you have that and are happy with it, this technique probably isn’t for you. Stegonography is a means of concealing or embedding data inside an inconspicuous content type of some kind. Another interpretation could be the idea of “hiding in plain sight” or “security by obscurity”.  For our purposes today we are going to demonstrate how you can embed and password protect your seed words inside of a JPEG image. Now why would you want to do this? Well believe it or not, looking for “wallet.dat” files on computers isn’t a secret! It is the first thing hackers, who are after your bitcoin, will search for because….its obvious. What else is obvious? Storing your seed words in a safe screams “this is valuable”. Would you feel comfortable putting your encrypted wallet.dat or other encrypted seed on the internet? Why not? Well the answer is probably multi-faceted but I would be concerned by someone nefarious getting the file and trying to brute force it offline. Even worse, maybe you have  already been compromised and an adversary knows your password, then its a matter of finding the file. Stegonography can add a third dimension to the security of your recovery seed. We will show below only a single tool that can be used for stegonography, there are many, and if you are creative you can probably come up with some of your own.

Why hide your seed words in an image? Well for starters, an image isn’t something that people suspect to contain valuable information. Especially against the backdrop of a society producing billions of photos per day with their smart phone cameras, who could possibly have time to acquire and search each image for data? They wouldn’t/couldn’t. Unlike an encrypted wallet.dat or zip encrypted file, an image leaves no indication that it is hiding secrets. There are no password prompts when you open the image. Examining the EXIF details tells you nothing. In fact, the only way to detect potential stegonography is if a digital forensics expert was able to compare at the byte level the original image and the image containing the embedded data. Even then this is an imperfect method and may only yield to the examiner that the photo may contain encrypted data. But back to the point here, given the thousands of photos in your collection why would anyone want to check this particular image for secret data, its unimportant to the casual or even trained observer.

Stegonography can add a third dimension to the security of your recovery seed.

Use Case 1: What happens to your bitcoin wallet if you die?

Well Google has invented the inactive account manager tool this is a pretty cool service that essentially allows you to hand over control of all or some of your google products to a next of kin. In addition it allows you to send a final message to the recipient. This opens up all kinds of opportunity to ensure your loved ones get what belongs to them.

So let’s recap, there are 3 pieces to the puzzle an attacker or loved one would have to have in order to recover your seed:
1) your passphrase
2) Access to the image
3) Knowledge that a specific image file contains a secret

You can give 2 of 3 of these away to anyone and still have piece of mind your data is well protected even from the most sophisticated attackers. This could allow you to destroy your wallet and transmit its backup as a digital image without detection in the face of monitored internet activity. Again, without knowledge, that the file contains a secret AND access to the original image for byte level comparison it would be near impossible to detect. Additionally, cracking 128 bit encryption could take a billion years. But the whole point here is there is no reason they would know that there is anything to crack inside the image.

1) You can confidently disperse your image with hidden seed data to many recipients with piece of mind that they won’t know the significance, put it among 50 photos on 50 USB keys and hand them out to friends and family. Heck you could put it up on a website.
2) You can put the image somewhere on your google drive for your next of kin to find when your account becomes inactive
3) You can include in your message to family either what file has the data (assuming you previously gave them password) or give them the password (assuming you’ve previously showed them the image with the data)

I’m sure you can come up with more creative scenarios but the thing to keep in mind is your seed is safe as long as nobody know the significance of the image AND has the passphrase. Think about that, an attacker can literally have your passphrase and this image will be useless to them unless they also knew it contained hidden data.

 

Think about that, an attacker can literally have your passphrase and this image will be useless to them unless they also knew it contained hidden data.

Getting started

For this demonstration we used a Linux installation, Debian or ubuntu should work fine under these instructions, but you can find some similar tools for windows if you look.

Step 1: Create a secret data file, in our case we are creating a text document with our 24 word wallet recovery seed

Step 2: Install Steghide
# sudo apt-get install steghide

Step 3: So now in our directory we can confirm we have our secret data file and the image we want to embed it in. The next step we will instruct steghide to add the data (mysecret.txt) to our image (beach.jpg) output to a new file (beach1.jpg) and use the twofish cbc encryption cipher. You will be prompted at this point to encrypt your data file with a passphrase

# steghide embed -cf beach.jpg -ef mysecret.txt -sf beach1.jpg -e twofish cbc

Step 4: Verify that our data is hidden and can be extracted by doing a test extraction on our file beach1.jpg But first lets peak in the directory and you can observe Beach1.jpg is slightly bigger than the original by 9 kilobytes, open the file and verify its a valid jpg as well. We diff the two secret files to validate their contents are identical

# steghide extract -sf beach1.jpg -xf NEWsecret.txt

Watch the video:

Conclusion:

We have demonstrated how you can conceal your encrypted key or recovery seed into an image file which can remain undetected and unprotected just about anywhere. We looked at options for configuring a deadman switch with google that can grant access to your files and/or passphrase automatically. In this we have shown but one way you can safely guarantee your Bitcoin Legacy is safely transferred to your next of kin.

Leave a Reply