https://bitcointalk.org/index.php?topic=213946The boot DVD does not need to bring any network interfaces up. Only security risk is the PDF files that you copy to the thumb drive and possibly printer buffer (or wireless network to printer) but if you have a linux friendly printer direct connected not even that issue exists as you can just print from the boot DVD.
As far as a hardware device, there's no need for it.
A boot DVD is all you need.
I'm biased of course but dedicated device has a much smaller attack surface.
The site used to host the DVD image can be compromised and the image replaced with one that generates predicatable wallets.
The computer used to burn the DVD may be compromised to recognize the iso image and modify it to generate predictable wallets.
This would be impossible to detect without a dedicated offline system that has never seen the internet to verify the integrity of the DVD.
The computer used to run the image may be compromised with a hypervisor rootkit that recognizes the DVD and again modify it to generate predictable wallets.
This is impossible to detect without a dedicated offline system that has never seen the internet to verify the integrity of the DVD.
These modifications would be as simple as crippling the RNG in the kernel.
These are hypothetical but more specific hacks have been written in the past (e.g. Stuxnet)
A dedicated device is still difficult to verify but at least its not a moving target like an malware infested machine "securely" booted from a DVD.