I don't like idea of having another comp for offline wallet (I travel a lot).
I'm thinking about seting up Ubuntu on VMWare Player, that will be encrypted from inside, not just outer container which seems easier to break. Also connection will be turned off from inside.
Two questions:
1. When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system?
2. When system is run and going, is it's image decrypted and vulnerable from host system?
If you know what a keylogger is, most likely you have enough knowledge to not get infected by one. My offline wallet is in a virtual machine in a VMWARE ESxi server that has the vmdk file stored in a NAS protected with RAID 5 so...
How often do I turn on that VM? about once a month to download the new blocks and get my rewards from the pools.
Do I need to enter my passphrase? Not at all unless I want to perform a transaction, And I added the address in blockchain as a watch-only just to make sure I'm getting paid.
So, in short, I wouldn't use a local VM to store the wallet because you rely on one hard drive.
I do rely on a VM to keep my wallet, but the actual virtual hard drive (vmdm) is safely stored in a NAS with redundancy, worst case scenario (The actual NAS fails) I buy a similar one and I install the drives there (been there, done that)
I hope my experience helps.
Otherwise, just create a paper wallet which I also have.
