You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has a lot of time to do so and thus can account for multiple hashing rounds as well.
Question being, whether a simple obfuscation algorithm that can be done in your head or with a piece of paper is sufficient, as opposed to a computer-supported one. Unless you can mentally sha256 
Given the amount of possible simple obfuscation algorithms I guess one can achieve sufficient security without computer support, assuming you don't rely on any well known methods (rot13 anyone?). In other words, this could be a use case where rolling your own "crypto" and security by obscurity might be a good thing.
Given the amount of possible simple obfuscation algorithms I guess one can achieve sufficient security without computer support, assuming you don't rely on any well known methods (rot13 anyone?). In other words, this could be a use case where rolling your own "crypto" and security by obscurity might be a good thing.
Using the word algorithm loosely, if you cant design an algorithm which remains secure when your adversary knows it, then you will certainly be unable to design an algorithm which is secure when unknown.
Note the subtle difference from what you usually hear.
Maybe I misunderstand you, but the obfuscation algorithm itself doesn't need to be secure. After all the attacker doesn't want to derive the original message from your obfuscated passphrase. That's were "security by obscurity" would fail.
Instead, my rationale is based on the potential attacker having two choices:
a) Derive your obfuscated passphrase from either your BTC address or your public key -- obviously unviable right now, otherwise we'd have other problems.
b) Brute force your original passphrase AND the correct steps with which you obfuscated it -- the latter of which there are effectively infinite possibilities, even when limiting yourself to pen-and-paper algorithms (eg. uppercase every nth letter, insert a special character according to the fibonacci sequence, apply multiple rounds of rot26... etc etc).
Combine a strong passphrase with some layered weird-ass obfuscation steps and you should get yourself enough entropy for decades to come.
On the other hand I just stumbled upon a fairly recent Def Con talk about cracking brainwallets, maybe it makes me rethink my assumptions.
Here's the link, without knowing yet whether it's going to be any good:
https://www.youtube.com/watch?v=foil0hzl4Pg
Edit: The talk above covers nothing that hasn't been discussed in this thread already. Keeping the link for reference though.