Bitcoin Forum

I read some news that they are claiming Bitadress and brainwallet adress may be unsafe.

Which website are you using for creating paper wallets in safe? I always used bitadress. I never experienced bad issues. But I am not sure I can use it anymore.

As it was already replied in the other thread (https://bitcointalk.org/index.php?topic=5166510.msg51873976#msg51873976), the Brain wallets are not really safe, paper wallets are okay. And Bitaddress is, from what I know, one of the best options (if you generate offline, and so on and so on).

It's not that the website (Brainwallettx.github.io) is vulnerable but it's simply that people are in most cases not able to create enough randomness. It's very unlikely that you will make a passphrase that no one has used it before, and the risk lays there. You can create an Electrum wallet offline and simply memorize the seed, that's far more secure.

As for Bitaddress, then the website is fine as long as you're generating the wallet offline in a LiveCD linux distribution and If you want to generate SW addresses you can use SegwitAddress.org

How can I create Ethereum wallet offline? I am doing it with bitadress.org for BTC but I don't know for Ethereum.
Also is there any table or something for other wallet choice?

use https://github.com/iancoleman/bip39
download localy and run without internet and choise coin : eth
derivation path bip 44

or download localy
https://github.com/MyEtherWallet/MyEtherWallet/releases
then running offline

Being offline does not mean that you are safe. As long as there is an Internet connection *at any moment* you may be at risk.

 - Download an open-source (Linux) system using the official URL.
 - Download Electrum using the official URL.
 - Boot your OS from an offline Pc and install Electrum wallet (that contain the private key).
 - Create a watch-only wallet.
 - use online PC to access to that wallet.
 - Create a new transaction ----> click Preview ----> check everything is correct ----> click save.
 - open your offline OS -----> open Electrum ----> Load Transaction ----> check it is correct -----> click Sign ----> enter your password.
 - back to your online PC ---> Load Transaction ----> Broadcast it.

Try to make the open-source system safe and do not install any additional programs.

You can download the whole Myetherwallet website from the github page (https://github.com/kvhnuke/etherwallet/releases/tag/v3.39.0) of the founder of MEW.
Download the zip file etherwallet-v3.39.0.zip, turn off your internet connection, unzip and access the zip file, open the index.html, then create a new wallet, download the json file, save your private key, then you can print it as a paper wallet.

There are two things I would add in to your otherwise great explanation:

Download Electrum using the official URL and verify your download using by following the instructions given here: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/

Secondly, rather than exporting the transaction and transferring it between devices using a USB or other removable media, the absolute safest way to do it is by generating a QR code and scanning it on the other device. This eliminates the possibility of unknowingly transferring malware to your air gapped device.

You still have to use USB to transfer unsigned transaction though, and while it's possible to use camera's, most people probably don't have them available, because everyone relies on phones these days. To deal with this problem, it's important to insert the USB with unsigned transaction first, copy the transaction, then wipe the USB. Only after that you should insert the USB with your wallet. I also like to use Tails as my live OS for this purpose, because it's built to be amnesiac, which means it doesn't keep any data between sessions. This is additional obstacle for some hyper-sophisticated malware that would try to steal coins from offline machines.

No you don't. Once you've set up the transaction on your watch only Electrum wallet, click "Preview" and then click the little QR code icon in the bottom corner. It will generate a QR code for the unsigned transaction which you can then scan in to your air gapped wallet.

Also, pretty much every laptop built in the last 10 years has a built in webcam, so they are not that rare, and you can buy a cheap one for less than 20 bucks.

you don't necessarily have to use a special tool such as bitaddress or even MEW for that matter. you can do it with literary any wallet of that coin as long as it has the option to "export private keys". for example you could download one of the {insert any altcoin name here} desktop wallets, create a new wallet and then export the key an print that on a piece of paper to have a "paper wallet"!
* obviously you have to take the security steps that were explained in other comments such as being offline and verifying signatures.

The script for bitaddress.org is very small, so you can simply download it directly from the site or from the Github and verify the signature and then execute it offline to generate the paper wallets. The problem comes in when you go online again, because a lot of computers are Malware infected and some of these Malware can store Private keys generated on these computers and then forward it to the hacker, when the computer comes online again.

What I did was to buy a cheap second hand computer and printer <less than the price of a hardware wallet> and then use that to generate "offline" paper wallets. This computer and printer will never be used online again, so no hacker will ever get to those private keys and after I am done with it, I will physically destroy it.  ;)