If you can remember a phone number, you can remember an easywallet.
An easywallet is:
  • Secure
  • Portable
  • Deniable
  • Memorable
  • Recoverable using almost any bitcoin wallet app
An easywallet is not intended for storing long-term savings. But it could be useful as a temporary, short-term wallet that you can store in your brain via memorization.
Step 0. Gather the materials you will need to create your easywallet:
  • Pen and paper
  • Five casino dice
  • Tails USB + Laptop or desktop computer, or an old smartphone
    • Tails comes with Electrum pre-installed. Connect to the internet and download the EFF long word list, then disconnect Tails from the internet and do not reconnect again.
    • If you use an old smartphone, install the Electrum mobile wallet and download the EFF long word list so you can refer to it while working through this guide. Then, disconnect the smartphone from the internet and never connect it to the internet again.
    • This setup is designed for a cold wallet for maximum security. If you don't plan on using your wallet to store a lot of value, you can create a hot wallet on your main computing device (laptop, smartphone, whatever) instead. You can create an easywallet with any bitcoin wallet software that supports BIP39 passphrases.
Step 1. Generate the passphrase
We will use the EFF long word list with five dice to generate a seven-word passphrase. This will give us a passphrase with 90 bits of entropy. Coldbit estimates a passphrase of this strength will take an "infinite" amount of time to crack even on the most advanced passphrase cracking computers that could theoretically be invented. Based on Coldbit's estimate, Trezor estimates the cost of even making the attempt at cracking this passphrase to be in the billions of US dollars (at the time of writing in 2023).
Note: You don't have to use the EFF long word list. You could use the EFF short word list (with four dice) or the original Diceware list (with five dice). But for a standard easywallet, we use the EFF long word list with five dice and seven words.
To generate the seven-word passphrase, take your five dice and roll them. You will get five numbers. Write the five numbers down. Open up the EFF long word list and find the word that corresponds to the full five-digit number you wrote down. This is the first word in your passphrase, so write it down. Repeat this process of rolling the dice, writing down the numbers, finding the word in the list that corresponds to the numbers, and writing the word down, six more times, until you have a seven-word passphrase.
Example: Rolling your five dice turns up the numbers 4, 3, 4, 6, 3. Look up the number 43463 in the EFF long word list. You will find the word "panoramic." This is the first word in your passphrase. The process repeats six more times, until you have a seven-word passphrase.
Note: You can use one die if that's all you have. You will just have to roll the die five times per word, instead of rolling five dice once for each word.
Note: While unlikely, it's possible that you roll the same numbers that correspond to the same word in the wordlist more than once. If this happens, you are free to re-roll if you want a different word, but you don't have to. The passphrase will be just as secure even if one of the words is duplicated.
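The lookup and the entropy figure from Step 1, as an added example that is not part of the original guide: it turns recorded dice throws into word-list keys, rejects mis-recorded throws, and computes the entropy for the long list (five dice) and for the short list (four dice) mentioned above. The three-line word list is a constructed excerpt; the function names are hypothetical.

```python
import math

# Constructed excerpt in the EFF long list's "digits<TAB>word" line format:
# the list's first and last entries plus the 43463 entry quoted in the guide.
# Load the full downloaded file for real use.
SAMPLE_LIST = "11111\tabacus\n43463\tpanoramic\n66666\tzoom\n"

def parse_wordlist(text):
    """Map each dice key (e.g. '43463') to its word; reject malformed lines."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table

def roll_key(rolls, dice=5):
    """Turn one throw, read left to right, into a lookup key."""
    ok = len(rolls) == dice and all(
        isinstance(r, int) and 1 <= r <= 6 for r in rolls)
    if not ok:
        raise ValueError(f"need {dice} values from 1 to 6, got {rolls!r}")
    return "".join(str(r) for r in rolls)

def words_from_rolls(throws, table, dice=5):
    """Look up one word per recorded throw."""
    return [table[roll_key(t, dice)] for t in throws]

def entropy_bits(words, dice):
    """Each die adds log2(6) bits when every throw is kept as rolled."""
    return words * dice * math.log2(6)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(words_from_rolls([[4, 3, 4, 6, 3]], table))
    print(f"long list, 7 words:  {entropy_bits(7, 5):.1f} bits")
    print(f"short list, 7 words: {entropy_bits(7, 4):.1f} bits")
```

Seven words from the four-dice short list come to about 72 bits rather than 90, so that alternative needs more words to reach the same strength.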
Step 2. Create the wallet
Now that we have a passphrase, we can create our easywallet in Electrum. Select "Standard wallet" and "I already have a seed phrase". For the seed phrase of the wallet, we will use the first seed phrase in Michael Flaxman's alphabetically-ordered list of seed phrases that contain only one word.
action action action action action action action action action action action action
Under "options" select "BIP39 seed". Add your passphrase to the end of your seed (without spaces).
Example: If the seven words in the passphrase are "do not use this insecure test passphrase" then the seed entered in Electrum should look like: action action action action action action action action action action action action donotusethisinsecuretestpassphrase
Click "Next" three times to open your wallet.
Step 3. Test your wallet setup
Go to the "addresses" tab in Electrum. Right click on the address you want to send to, click "Details" in the menu, then click the QR code icon next to the address in the window that pops up to see a QR code for the address. You can scan this QR code using another bitcoin wallet to send bitcoin to your easywallet -- but don't send any bitcoin yet. Note the first seven characters of the address.
Now close and delete your easywallet. Open Electrum again, and re-create the wallet with the same BIP39 seed (seed phrase + passphrase) that you used in Step 2. Open the wallet and check the addresses tab. You should see the same address that you noted down when you had the wallet open before. If so then you have the right seed + passphrase combo. If not, something was copied or entered incorrectly and you'll need to try again until you can consistently generate the same set of addresses.
Once you confirm that you can consistently generate the same set of addresses from your BIP39 seed, you can make a test transaction. Transfer a small amount of BTC from your other wallet to your easywallet address. Then follow the instructions for spending from a cold Electrum wallet to transfer the BTC back to your other wallet.
Now you have confirmed that 1) you can consistently generate the same set of addresses from your BIP39 seed, and 2) you can spend from your easywallet. Your wallet is now safe to fund with larger amounts of BTC. Keep your BIP39 seed (seed phrase + passphrase) safe until you complete Step 4. If you don't have a safe place to keep your BIP39 seed, then do not fund your easywallet with a significant amount of BTC until you complete Step 4.
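Why the re-creation test in Step 3 matters, as an added example that is not part of the original guide: under the BIP39 seed derivation, the public "action" seed phrase plus the passphrase always gives the same 64-byte seed, while spaces, capitalisation or an empty passphrase each give a different wallet. It assumes the wallet applies BIP39 as specified with no extra trimming of the passphrase; seed_tag, entry_variants and compare are hypothetical helpers, and the tag stands in for the address check because deriving addresses needs secp256k1.

```python
import hashlib
import unicodedata

# The publicly known 12-word seed phrase from Step 2.
PUBLIC_MNEMONIC = " ".join(["action"] * 12)

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    # Whitespace in the mnemonic is collapsed; the passphrase is used verbatim.
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def seed_tag(seed):
    """Hypothetical helper: short tag for comparing two derivations by eye."""
    return hashlib.sha256(seed).hexdigest()[:8]

def entry_variants(words):
    """Ways the same seven words might be typed on a later recovery attempt."""
    joined = "".join(words)
    return {
        "no spaces (as in Step 2)": joined,
        "with spaces": " ".join(words),
        "capitalised": joined.capitalize(),
        "trailing space": joined + " ",
        "left empty": "",
    }

def compare(words):
    """Tag of the seed each entry variant produces with the public mnemonic."""
    return {label: seed_tag(bip39_seed(PUBLIC_MNEMONIC, p))
            for label, p in entry_variants(words).items()}

if __name__ == "__main__":
    # The guide's own insecure test passphrase.
    test_words = "do not use this insecure test passphrase".split()
    for label, tag in compare(test_words).items():
        print(tag, label)
```

Every variant prints a different tag, which is why Step 3 has you rebuild the wallet and compare addresses before funding it.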
Step 4. Memorize your passphrase
I started this guide with a claim: if you can remember a phone number, you can remember an easywallet. A phone number in the U.S. has seven digits, not counting the area code. An easywallet has seven words. If you repeat these words a few times a day, for a few weeks, and at least a few times per month thereafter, you can memorize these words forever, just as easily as you would memorize a phone number (barring dementia or some other brain injury/illness). Be sure not to practice saying these words out loud near any other people or microphones that could be listening/recording!
Use cases
Although easywallet's 90 bit security is widely considered safe among cryptographers, this is less secure than a random 12 word seed phrase, which is 128 bit security. So I would not recommend storing your life savings in an easywallet, at least not long-term. So what is an easywallet good for?
  • One key in a multisig setup
  • A hot wallet for carrying around pocket change
  • A backup wallet for storing/transferring funds in a pinch
  • A portable wallet that you don't want to store on any physical media, but only in your memory, and only for a short amount of time. Example: You need to flee your home country with your life savings, and you don't want your private keys to be on your computer or any hardware wallets on your person. You can commit your easywallet to memory, transfer your life savings into the easywallet for temporary storage, then once you are in a safe place you can transfer the funds from the easywallet into a more secure traditional wallet.

Appendix

Border Wallets vs easywallet
A Border Wallet is a type of wallet that replaces the words in a BIP39 seed phrase with a visual pattern. The main differences between a Border Wallet and an easywallet are 1) the requirement to memorize a visual pattern plus one checksum word, vs easywallet's seven words, 2) the requirement to store the wallet's "entropy grid" in a place that it can be recovered later, vs no storage requirement for an easywallet, and 3) a Border Wallet generates a 128 bit seed phrase, vs easywallet generates a 90 bit passphrase.
A Border Wallet entropy grid could be used to generate an easywallet, by creating a seven-cell visual pattern on top of the grid. But this would not be as secure as generating an easywallet using the EFF long word list, due to the different length of the word lists used by each tool. So to be on the safe side it is probably best to think of Border Wallets and easywallets as being mutually exclusive tools. That said, you could experiment with both a Border Wallet (as it is intended to be used) and an easywallet and use whichever one works best for your situation and preferred memorization technique.
BIP39 seed phrase vs easywallet
The main difference between a BIP39 seed phrase and an easywallet is that a BIP39 seed phrase has 12 or 24 secret words and an easywallet has a publicly-known 12 word seed phrase and a secret seven word passphrase. A 12 word BIP39 seed phrase has 128 bit security, while a seven word easywallet has 90 bit security. Every additional bit of entropy doubles the number of guesses required for someone to brute force the secret, so 128 bit is significantly more secure than 90 bit security -- 1,073,979,591 times more secure, to be precise, if we measure security by the amount of time it would take to brute force the secret at 100,000,000,000,000 guesses per second.
The other main difference, related to the number of words, is ease of memorization. Which is easier for you to memorize, 12 words or seven words?
Again, you can experiment with both BIP39 seed phrases and easywallets then choose the tool that works best for your situation and preferred memorization technique (if you choose memorization as the means of storage for your wallet).
Other wallet security resources
If you are interested in learning more about wallet security, check out these resources:
reply
Pretty cool. But I just have a hard time with instructions that tell you to never connect an old phone or laptop back to the internet again. It seems like such a waste and also security theater. If the world has a window into all of your internet connections, you’re already pwned.
reply
Lol this is stupid simple but I really never thought about it
Nice tradeoff for quite a good security with ease of "storage"
reply
Very interesting, thanks.
Have people who know more (than me) about security/cryptography taken a look at this, to try to poke holes in it?
reply
There are endless ways to derive entropy from existing hash algos.
For example, you can do sha256("weak password 4"); this gives you b4424dd47712534183a59c2bf448ef713ac976af320f1a14180e76b44a85e9d1
You can split that output at the 7th digit. Easy to remember because you have had 7 broken bones. b4424dd< - >47712534183a59c2bf448ef713ac976af320f1a14180e76b44a85e9d1
You can swap the parts 47712534183a59c2bf448ef713ac976af320f1a14180e76b44a85e9d1 < b4424dd
Too simple. But in order to test every common weak password, it now takes 64x as long. What if you split that hash into groups of 3, and assemble them differently? What if you take half of them and produce another hash?
What if you used sha512?
With a few simple methods like these, part of your algo is secret, so an attacker can never attack it on account of having weak seed entropy such as a short password.
Take notes and practice recovering the output from time to time.
reply
It likely improves security across the broader ecosystem for there to exist many hundreds of different seed derivation schemes.
What will save this and many other schemes from brute force adventurism, is the fact that once you use this to generate the master private/public key pair > individual key pairs > address hashes, there is no way to tell how the seed was derived.
So unless you go announcing it on the web, (too late for you) brute force attacks have to come through the hash-wall, and derive a private signing key from a matching public key.
This is not publicly known to be possible. Social engineering is where it's at: do not post on Facebook that each of your family members is memorizing 3 words for you.
reply