Well that sounds reasonable indeed. The thing I'm most worried about by far are keyloggers and keeping the whole thing offline would pretty much solve that. I'm really looking forward toward the SSS solution within the GUI then, this would solve my other worry of somehow losing the piece of paper with the key.
One more question if you don't mind then: is there a risk that when you want to install Armory on your offline computer and transport it using a USB stick, malware somehow manages to copy itself on this stick and get onboard your offline computer, installs a keylogger and manages to get crucial information back on the internet using the same USB stick? Or is this way too far-fetched?
Well, the next release of Armory will have some help on the keylogger front (see images below). The keylogger would have to record mouse-clicks in order to get your passphrase, and even that is useless if you scramble the keyboard. Anything advanced enough to break that, will get your private keys another way.
As for the USB viruses: that is a very real, and very remote threat. It's not to say it couldn't be done. It's why I've got the
Improving offline wallets thread. The reason why I stick with USB is so that
people use it. I'd much rather they use USB keys, than get fed up with something complicated, or not supported on all OS (battling drivers issues), and then resort to just regular hot wallets. USB keys are universal, and everyone understands them. No doubt, though, I'm working on some alternatives, for advanced users.
Isn't the
Simple Python Keylogger already able to record mouse-clicks and taking a snapshot in each instance? I'm sure if an open source keylogger is up to the job any malicious keylogger should be able to do so as well.
