So I just bought some bitcoins and wanted to try to make them as safe as possible within a reasonable way. I also happen to have a Raspberry Pi, so here is what I did:
On my normal computer:
1. Formatted SD card.
2. Installed Raspbian.
Then on my Raspberry Pi:
1. Connected to the internet.
2. Updated software.
3. Downloaded and installed printer software.
4. Went to bitaddress.org and saved it.
5. Disconnected from the internet and changed Raspbian login password.
6. Generated multiple copies of my paper wallets and printed them.
7. Stored paper wallets and SD card in different locations I consider safe.
I could also securely wipe/destroy the SD card but I don't think it's necessary at the moment and I might want to create more wallets later on (I will never connect to the internet again of course).
I realize there are a few ways this could be insecure (other than gaining physical access to my wallets) such as:
1. Bitaddress.org doesn't make random enough addresses offline.
2. Some kind of software from when I installed Raspbian on my normal computer or when I connected to the internet through my Raspberry Pi changed how bitaddress.org makes its keys so they aren't really random.
I can't think of anything else at the moment. How likely do you think any of the above is and what do you guys think in general of my method? Thanks in advance!
Depending on how paranoid you are, you may:
1. Check the hash of bitaddress.org against the one on GitHub. Check it on the offline Raspberry Pi, not on the desktop computer.
2. Audit the bitaddress.org code if you could.
3. Never allow the Raspberry Pi to connect to the internet again, or simply remove its LAN port. Never use it for any other purpose.
4. If you worry about randomness, generate the private key by throwing dice, and transform the key into an address with bitaddress.org.
5. Never connect your printer to anything other than that particular Raspberry Pi. Your printer may store the private key in its RAM.
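
The dice suggestion in item 4 of the reply above, as an added example that is not part of the thread: it turns 99 recorded die rolls into a private key, checks that the key is in the valid secp256k1 range, and encodes it in Wallet Import Format using only the Python standard library, so it can run on the offline Pi. The 99-roll count, the mapping of face 6 to digit 0, and the function names are choices made for this example.

```python
import hashlib

# Order of the secp256k1 group: a valid private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLLS_NEEDED = 99  # 6**99 is about 2**255.9, so 99 rolls nearly fill 256 bits


def dice_to_int(rolls: str) -> int:
    """Read die faces 1-6 as base-6 digits (assumed mapping: face 6 -> 0)."""
    rolls = "".join(rolls.split())  # allow spaces/newlines between rolls
    if len(rolls) != ROLLS_NEEDED:
        raise ValueError(f"need exactly {ROLLS_NEEDED} rolls, got {len(rolls)}")
    if set(rolls) - set("123456"):
        raise ValueError("rolls must only contain the faces 1-6")
    k = 0
    for face in rolls:
        k = k * 6 + (int(face) % 6)
    if not 1 <= k < N:  # rejects the all-sixes sequence (k == 0)
        raise ValueError("key out of range, roll again")
    return k


def b58check(payload: bytes) -> str:
    """Base58Check: append a 4-byte double-SHA256 checksum, then base58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\0"))
    return "1" * leading_zeros + out


def to_wif(k: int, compressed: bool = True) -> str:
    """Mainnet WIF: 0x80 prefix, 32-byte key, optional 0x01 compression flag."""
    suffix = b"\x01" if compressed else b""
    return b58check(b"\x80" + k.to_bytes(32, "big") + suffix)


if __name__ == "__main__":
    # Type the rolls in the order they were thrown; run this offline only.
    print(to_wif(dice_to_int(input(f"Enter {ROLLS_NEEDED} rolls: "))))
```
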