The biggest problem with cold storage wallets is making sure that your address..

[CIYAM]

Can you sign transactions offline with Bitcoin-Qt?

Yes of course you can - it's called "signrawtransaction" (I use it with the CIYAM Safe which is a 100% air-gapped offline tx signing system).

[go1111111]

Can you sign transactions offline with Bitcoin-Qt?

You can using the command line, but it's cumbersome: https://people.xiph.org/~greg/signdemo.txt

[keystroke]

What's wrong with QT? It has been audited to an extreme. Armory is great with the paper wallets but putting a wallet.dat into cold storage should be ok.

Can you sign transactions offline with Bitcoin-Qt?

It should be possible with the API. Then just use sendrawtransaction with the online client.

[coastermonger]

How do you think the "input mouse movement" for bitaddress.org stacks up for randomness?

[deepceleron]

How do you think the "input mouse movement" for bitaddress.org stacks up for randomness?

I just have a guess, do you have one?

<script type="text/javascript">
ninja.seeder = {
   // number of mouse movements to wait for
   seedLimit: (function () {
      var num = Crypto.util.randomBytes(12)[11];
      return 50 + Math.floor(num);
   })(),

   seedCount: 0, // counter

   // seed function exists to wait for mouse movement to add more entropy before generating an address
   seed: function (evt) {
      if (!evt) var evt = window.event;

      // seed a bunch (minimum seedLimit) of times based on mouse moves
      SecureRandom.seedTime();
      // seed mouse position X and Y
      if (evt) SecureRandom.seedInt((evt.clientX * evt.clientY));

      ninja.seeder.seedCount++;
      // seeding is over now we generate and display the address
      if (ninja.seeder.seedCount == ninja.seeder.seedLimit) {
         ninja.wallets.singlewallet.open();
         // UI
         document.getElementById("generate").style.display = "none";
         document.getElementById("menu").style.visibility = "visible";
      }
   },

   // If user has not moved the mouse or if they are on a mobile device
   // we will force the generation after a random period of time.
   forceGenerate: function () {
      // if the mouse has not moved enough
      if (ninja.seeder.seedCount < ninja.seeder.seedLimit) {
         SecureRandom.seedTime();
         ninja.seeder.seedCount = ninja.seeder.seedLimit - 1;
         ninja.seeder.seed();
      }
   }
};


How does it "stack up", I guess that depends on how secure you find seeding RC4 with some mouse positions.

[piotr_n]

I found this news somehow relevant to the discussion we had at the previous page, so I will post it here.

“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say

Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries.

The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet's encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products.

more: http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

[Jace]

What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?

Same here, I am extremely paranoia about this.

Almost 100% secure: just create them as brainwallets from very long random input strings. Obviously you don't need to remember these, they're meant for cold storage so they're not actual 'brainwallets'. They're just created in the same way as brainwallets, i.e. the private keys are hashes from strings. This rules out any dependency from random generators with possible weaknesses.

When I say 'very long random input strings', I mean garbage like this: (just typing a bunch of gibberish characters)

Code:

fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n

For this particular example, the private key would be Sha256("fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n") = eab9498f0c866509a2ff09fa40b556776f54b78f941f36cc69bdbf7832f45473, or expressed in more common Bitcoin format: 5KbfHWM9R2AKhoAtkcTDv6agnzJoPCHZkrEnSy8t8bnVTUHJnND and its corresponding address is 1FtUbMx47zhF3AUWTWCULQzDyRJgVDV23G.

Now, to compensate that last bit of paranoia (and just in case some day an entropy weakness is discovered in Sha256 or something), I took this one step further, and created the private keys for my 'big savings' addresses as three xorred hashes:
(1) Some generated (pseudo?)random private key (using bitcoind or bitaddress.org or whatever)
(2) The Sha256 hash of some long random garbage string
(3) The Sha3-256 hash of some different long random garbage string

So for example:
(1) = 5K2F4Ng3ZYx9s98yEj1ukm1boGEHrAt5rMxXy2cnRdMuQtgTVE7 = 9ed845749f418efc834f1b9b5fd0c1765e7ace2177153a59dc818d6ac5df6232
(2) = Sha256("wP7fB2-fo#90wZ7d 4p6.Z1Ug5r H!0tI6*gp7!zcn)V bw4!Qib") = 7220f93d3a8059d19a3a1be4a2e1c3294185ffcae61aece0d02d73d43f9840d2
(3) = Sha3-256("v5!0ZF%kv 2p0isI*yWJ dky3R7Q#en!4X6;UGS-v35r U#aw/5{61ca") = b6783aadb56f8228feb9673eaf15184417ecc3a1e854ed75bf26de1b126c1c26

Xorring these three gives 5a8086e410ae5505e7cc674152241a1b0813f24a795b3bccb38a20a5e82b3ec6 which results in 5JW9LPbpY1b8aLd8MHkZBCtSCbmA29oaHA1jmpf5dWAEntfYo58 / 13wCBWBnQ86kKHBztMm3j44wb53RYP8LuQ.

I'm quite convinced it doesn't get any more secure than this, in terms of private key 'randomness'.

[dre_2ooo]

What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?

Same here, I am extremely paranoia about this.

Almost 100% secure: just create them as brainwallets from very long random input strings. Obviously you don't need to remember these, they're meant for cold storage so they're not actual 'brainwallets'. They're just created in the same way as brainwallets, i.e. the private keys are hashes from strings. This rules out any dependency from random generators with possible weaknesses.

When I say 'very long random input strings', I mean garbage like this: (just typing a bunch of gibberish characters)

Code:

fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n

For this particular example, the private key would be Sha256("fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n") = eab9498f0c866509a2ff09fa40b556776f54b78f941f36cc69bdbf7832f45473, or expressed in more common Bitcoin format: 5KbfHWM9R2AKhoAtkcTDv6agnzJoPCHZkrEnSy8t8bnVTUHJnND and its corresponding address is 1FtUbMx47zhF3AUWTWCULQzDyRJgVDV23G.

Now, to compensate that last bit of paranoia (and just in case some day an entropy weakness is discovered in Sha256 or something), I took this one step further, and created the private keys for my 'big savings' addresses as three xorred hashes:
(1) Some generated (pseudo?)random private key (using bitcoind or bitaddress.org or whatever)
(2) The Sha256 hash of some long random garbage string
(3) The Sha3-256 hash of some different long random garbage string

So for example:
(1) = 5K2F4Ng3ZYx9s98yEj1ukm1boGEHrAt5rMxXy2cnRdMuQtgTVE7 = 9ed845749f418efc834f1b9b5fd0c1765e7ace2177153a59dc818d6ac5df6232
(2) = Sha256("wP7fB2-fo#90wZ7d 4p6.Z1Ug5r H!0tI6*gp7!zcn)V bw4!Qib") = 7220f93d3a8059d19a3a1be4a2e1c3294185ffcae61aece0d02d73d43f9840d2
(3) = Sha3-256("v5!0ZF%kv 2p0isI*yWJ dky3R7Q#en!4X6;UGS-v35r U#aw/5{61ca") = b6783aadb56f8228feb9673eaf15184417ecc3a1e854ed75bf26de1b126c1c26

Xorring these three gives 5a8086e410ae5505e7cc674152241a1b0813f24a795b3bccb38a20a5e82b3ec6 which results in 5JW9LPbpY1b8aLd8MHkZBCtSCbmA29oaHA1jmpf5dWAEntfYo58 / 13wCBWBnQ86kKHBztMm3j44wb53RYP8LuQ.

I'm quite convinced it doesn't get any more secure than this, in terms of private key 'randomness'.

How long would you say the random garbage string needs to be?  100 char?  200?

This intuitively seems more secure than 100 rolls of dice since that would make a string of numbers, whereas these garbage strings are full of numbers, letters, characters, and spaces. 

Do you just make a new text document, mash your keyboard, then copy/paste the string into a brain wallet in bitaddress?  Assuming this is all done on a computer that will never and has never seen the internet and on wired peripherals, of course.

[dunand]

I made a python script to generate a private key using anything you have under your hand to generate randomness. You can use a coin, a dice, bingo balls... At the beginning you choose the base you want to use. The script will ask you to pick numbers until you have the most secure private key possible.

https://github.com/dunand/bingowallet