How to download 100% securely?

[cryptocash]

Hi,

I am looking for a secure wallet for quite some time now and there are several solutions
but I still have some questions since I always have my doubts about these solutions in one way or another.

So for creating an offline wallet you will need a clean system AND a bitcoin client or some other software to create your wallet.

For a clean system I could use a windows installation cd or mac installation cd - ok (let's assume they are ok).

But what if wanted to use ubuntu for example. I would have to download the system with my online system and burn it to cd or copy it to a usb drive. Same goes for the client or any other software which will create the pub/priv-keypair.
How do I get to download absolutely securely???

As far as I know I have to assume that my online system is already compromised and
the moment I put by usb drive into my online computer it potentially gets infected, too.

So how do I get the needed apps/programs onto my offline system without compromising it?

Thanks for your help!

PS Same goes for truecrypt for additionally encrypting the wallet.dat

[bitcon]

you  could install ubuntu, then bitcoin client.  then install  tor project browser on both old and new computer.  you need to have tor running on both computers, then make sure both of your btc client can dl the chain thru tor proxy, by selecting "connect thru proxy" on your bitcoin client.   the adress you use  is 127.0.0.1 and the port is 9051 i believe.  if not,  go into your tor settings and check what port it is connecting thru if 9050 or 9051 doesnt connect.  once both computers are connecting your btc client thru tor proxy, you can send from your suspected compromised computer to your clean ubuntu install.   you could even send from "infected" pc to mtgox or other btc online service then, from mtgox to clean computer.  make sure you encrypt and backup your new wallet.

[cryptocash]

Thanks for your reply.

Unfortunately this confuses me

I do not have an infected computer. I assume that any computer which has ever been connected to the internet is potentially infected.

So in your proposed solution

a) I still don't know how to get a clean ubuntu (because I would have to download it - so again internet - again pot. infection)
b) I would connect my 'clean' computer to the internet - even if it is through tor - it still has a connection to the internet and therefore security is potentially breached.

Unless I don't get it...

[kjj]

You want 100% security?  Build your own semiconductor foundry to make your own chips, place them on your own boards, write your own operating system and rewrite bitcoind from scratch.

If you can live with merely 99.99% security, you can buy a normal computer, install it with a random ISO from the internet, and then make yourself an air gap*.

Just don't ever plug in the network or transfer files with USB.  You can create transactions on a totally insecure computer oozing with malware, as long as you view it on one screen and type it by hand on the secure computer's keyboard.  On the secure computer, verify the addresses you are paying to, and check the keys used to sign that address (oops, better wait for Gavin to finish the secure payment protocol), then sign the transaction and retype the now signed transaction on the insecure computer.

* An actual air gap is overkill, but only slightly.  You could also use some forms of communication, but they need to be really dumb forms that are incapable of doing sneaky things.  Several have been proposed in various secure hardware wallet threads.  Any port where you can directly control a pin would work, which means parallel ports are good, and serial ports too, if you ignore the actual rx and tx pins.  Various audio schemes have been considered.  Block devices of all sorts (USB, floppy, optical, tape, etc) and ethernet are right out.