2
I have seen several ways of creating an offline wallet for cold (secure) storage:
Are any of these methods more secure than the others? Is there a recommended solution for creating a secure offline wallet?
1
The problem with using an operating system like Windows to create these password-protected wallet is that you could still be offline (not connected to the internet), but if you have some sort of virus installed, they could copy your wallet, get your password that you'd type in, and store it locally. Then as soon as you connect it to the internet, they would send all this info to their servers and you're wallets would now be breached.
So using an operating system that is secure and open-source is very important. I would personally even disregard Ubuntu, because it has a graphical interface and it comes preinstalled with lots of questionable software - some of which has been recently set to send unwanted data to their servers.
Using something like FreeBSD or other Linux distros, directly using the command-line, and no graphical interface, would lower the barrier for any sort of attack.
0
101% safe version:
Use Bitcoin QT to generate a wallet offline using a USB (pendrive) version of Ubuntu
Export private key and write (don't print) it manually on paper (double check)
Power off your PC
You can do the same with fresh Windows install BUT after you generate private key HARD FORMAT (wipe) HDD
0
A secure but clumsy alternative is to avoid general-purpose desktop/laptop computers and smartphones entirely. It's possible to generate keys without a real computer, which would protect you from malware and network-based attacks (but spending the coins is a different story).
It's possible to generate random Bitcoin private-public key pairs on a more restricted computing device, like an Arduino microcontroller without Wi-Fi or Bluetooth capabilities. (Or Texas Instruments LaunchPad, PJRC Teensy, etc.)
You would need C/C++ code that collects random numbers, computes the public curve point, and hashes the data to get the public address. The device should have a screen to display your private and public keys. A 32-bit CPU is preferred for faster math, because doing SHA-256 and elliptic curve calculations on an 8-bit CPU could take a while.
Here's an example of an Arduino-based project by Steven Pearson that securely generates a key and prints it:
I wouldn't suggest anybody ever use that code to make private keys, it is very unlikely to be safe. – Anonymous – 2015-07-26T09:49:06.360
How do you know if Pearson's code is safe or not? – Nayuki – 2015-07-26T14:26:24.127