Using Bitcoin-qt safely offline

[Jellybean]

Hi everyone,
I posted here couple of days ago, and got advised to use bitaddress.org, however, I'm not 100% confident with it, so I thought about something else for a savings ONLY account. Since Bitcoin-qt created by Satoshi, I believe it should be safer to use it, right?

1. Disconnect internet
2. Run ubuntu from LIVE CD
3. Open bitcoin-qt, close it
4. Open bitcoin-qt, Generate a few addresses, copy them to a txt file,  copy the addresses to 2 USB devices, write them down on paper, etc
5. Export Secret keys from wallet, write them down on a paper
6. Turn OFF PC
7. Check the blockexplorer - each transfer to each address to see if btc received


I  won't encrypt and won't save the .dat to ensure that if there's a keylogger on my pc, it won't get the info.
What's your opinion guys?
Thanks!

[DannyHamilton]

Hi everyone,
I posted here couple of days ago, and got advised to use bitaddress.org, however, I'm not 100% confident with it, so I thought about something else for a saving ONLY account. Since Bitcoin-qt created by Satoshi, I believe it should be safer to use it, right?

1. Disconnect internet
2. Run ubuntu from LIVE CD
3. Open bitcoin-qt, close it
4. Open bitcoin-qt, Generate a few addresses, copy them to a txt file,  copy the addresses to 2 USB devices, write them down on paper, etc
5. Export Secret keys from wallet, write them down on a paper
6. Turn OFF PC
7. Check the blockchain after each transfer to each address to see if btc received

What's your opinion guys?
Thanks!

Be very careful to make sure that your record the private keys correctly.  If you can't read your writing later, or you accidentally write the private key down wrong, you might not be able to access the bitcoins.  Other than that, it sounds like it will work.

[wiggi]

Hi everyone,
I posted here couple of days ago, and got advised to use bitaddress.org, however, I'm not 100% confident with it, so I thought about something else for a savings ONLY account. Since Bitcoin-qt created by Satoshi, I believe it should be safer to use it, right?

1. Disconnect internet
2. Run ubuntu from LIVE CD
3. Open bitcoin-qt, close it
4. Open bitcoin-qt, Generate a few addresses, copy them to a txt file,  copy the addresses to 2 USB devices, write them down on paper, etc
5. Export Secret keys from wallet, write them down on a paper
6. Turn OFF PC
7. Check the blockexplorer - each transfer to each address to see if btc received


I  won't encrypt and won't save the .dat to ensure that if there's a keylogger on my pc, it won't get the info.
What's your opinion guys?
Thanks!

LIVE CDs should be guaranteed free of keyloggers, or everything is already lost.
Check the MD5 of the CD.
If it can log your keys (while offline) it can copy unencrypted wallet.dat too.

Secret keys on paper is less safe than wallet file in truecrypt container. Even a
human-memorable password makes it safer, attacker has to hack you *and* need
physical access to your backups.

[mjc]

In addition to what's already been noted, you could place the data which includes the block chain and wallet.dat in a secure drive.  Only mount the drive when you want to sync the interact with the wallet or sync with the blockchain.  You could use the blockchain.info online wallet with Multi Factor Authentication.  I cover both in Bitcoin Step by Step.

[blockgenesis]

Secret keys on paper is less safe than wallet file in truecrypt container. Even a
human-memorable password makes it safer, attacker has to hack you *and* need
physical access to your backups.

That being said, encryption is also pretty secure against yourself if you forget your password. Which tends to happen more often with passwords that are not used on a regular base (exactly like this scenario of a offline use).

It might also be a good idea to have a copy in different location, not just at home. One physical location is a single point of failure.

[UnsignedFloat]

Secret keys on paper is less safe than wallet file in truecrypt container. Even a
human-memorable password makes it safer, attacker has to hack you *and* need
physical access to your backups.

That being said, encryption is also pretty secure against yourself if you forget your password. Which tends to happen more often with passwords that are not used on a regular base (exactly like this scenario of a offline use).

It might also be a good idea to have a copy in different location, not just at home. One physical location is a single point of failure.

Just for fun I carved a private key into a bar of gold and put it in the firesafe. Then I've written a small procedure to graph their relative value over time, and I update it every morning.

It will be interesting to see which part is more valuable in the end...