If you were going to be responsible for storing large amounts of bitcoins, how would you go about securing them? Are there ways to distribute risk of theft, or to virtually eliminate the risk that private keys could be compromised?
Is an Armory-derived solution sufficient, with password protection on the offline server(s) and paper private key backups?
Yes, Armory is sufficient if you use an offline computer which you set up properly (clean OS/wallet install). However, there is one (actually two, which I'll explain...) potential vulnerability in the Armory system I see, which is dependence on shuttling data back and forth from offline to online computers with a USB drive. It's possible to infect computers with viruses, even offline ones, simply from plugging in USB drives. This is due to the Autorun and install feature of an OS. So you'd want to be sure to disable that on the offline computer. It's usually a Windows concern, but can apply to Linux too:
http://linux.slashdot.org/story/11/02/07/1742246/usb-autorun-attacks-against-linuxIf you're careful about not falling victim to USB autorun viruses, then I'd say Armory with an offline (and encrypted) computer and printed paper backups is nearly impenetrable.
However ...
When securing anything, you're only as secure as your weakest link.
If I were securing say 1 million dollars or more then I'd want to reduce my attack surface to the smallest possible.
Storing bitcoins on any computer, even an offline one, is risky. You reduce that risk by installing a clean OS and keeping it offline, but as I point out above even that can be compromised by USB if you're not careful. Even if you do all that properly then you have to remember to keep your physical computer safe from unauthorized use. To do that you can obviously encrypt it with a strong password, but then you have to keep the password safe too. I won't go into the various ways passwords might be learned by attackers, but just keep in mind thieves work full time on finding weak links, and have been doing so for many years. If you're storing millions of dollars I'd consider even an offline computer a risk, albeit small.
I'd do things differently with huge amounts.
First, I'd start with a dedicated offline computer and clean OS install (preferably Linux), then install the Bitcoin-qt wallet (do that securely by USB etc.) and generate some addresses. Then use Armory to print or simply copy by hand the private keys of several addresses. Say I was storing 5 million dollars. I might break that down into paper sheets of 100K each, with one address (and its amount label) per sheet (so say 50 sheets). This would be essentially printing money. I'd make two copies.
People are good with storing/guarding physical things. This moves things to that realm. After I had my two copies of private keys, and sent the correct value to each address (100K each or whatever) then I'd put those sheets into two separate brief cases and delete everything from the offline computer, reformat it. Now, I have 5 million dollars worth of value in two briefcases, and security depends on how well I can secure those briefcases. That's easy to grasp conceptually.
Next I'd transport and place the contents of each briefcase into two separate bank safety deposit boxes. Now the security of the 5 million dollars is how well access to the safety deposit boxes is guarded. This puts security back into a familiar well established model.
Whenever I needed funds I'd go to the safety deposit box, extract desired number of sheets of value and import the private keys back into a newly installed OS and Bitcoin-qt wallet on an offline computer again. Then I could use Armory, or even connect directly to the Internet to send coins. Since I wouldn't be visiting any sites, downloading any files etc., the chance of getting a virus would be essentially zero, and even if there was anything loss is limited to only that transfer session.
Send remaining balance to more sheets of paper, delete files again/reformat computer, and place sheets of new value back in deposit box(es).
