I see that a lot of people have problems generating Bitcoin keys safely so I thought I put out this quick tutorial to help them. Most people keep their coins on mobile wallets and centralized exchanges, because they don't know how to secure the bitcoins properly. Well you need to generate the private keys safely, and also sign the transactions safely. In this tutorial we will focus on the previous.
1) Create an Offline PC with No Persistence
DISCLAIMER: Before proceeding, you agree that you won't hold me responsible if you electrocute yourself or damage your computer or if any other damages happen! Proceed with caution or ask an expert to do it for you!
What you want to do is buy an old computer that is cheap and only serves this purpose, doing bitcoin transactions. It should not be a laptop because they have WI-FI in them. Then do the following:
- Make sure the computer is disconnected from the power source!
- Unplug it from the Internet
- Take out the hard disk
- Take out the video card (only if it has built-in video card)
- Take out any extra addon: Bluetooth, Network Controller Chip, PCI-Express card, etc...
The only thing that should be left in your PC hard box should be: Motherboard (with built in video card), RAM Chip, Fans, Power Unit and their respective cables.
2) Burn a Live Linux Distro to a DVD
You can choose a Linux Distro that starts up from DVD: http://livecdlist.com
Before downloading it, you should verify their PGP signatures or their checksums to know that you have downloaded the original one, not a tampered one.
3) Boot the Computer from DVD
Boot up your offline computer from a DVD, you only need the hardbox, a monitor, a mouse and a keyboard, preferably all of them should have wires, because wireless keyboards and mices are not secure.
You should also have a USB stick with which you ship the Bitcoin Wallet. Now you can choose any Bitcoin wallet you wish, but also make sure your verify their integrity. I recommend using Electrum, because it's easy to generate private keys with it, and it can be remembered.
6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
4) Generate the Private Key
Make sure you have installed everything, Electrum needs Python as a dependency, so make sure it is updated to the latest version. Then after everything is ready, you just start Electrum and it will generate your
seed with it's wallet wizard. It should be straightforward.
However maybe your CPU's random number generator is weak or tampered, so you can add outside entropy to your seed, by generating a big integer with dices for example.
@creatr pointed out in his article that you can generate seeds with dices, by generating a large number with multiple dice rolls, but I disagree with him because dices are not good random number generators. A tampered CPU should still be better than a set of dice, however we can combine them.
If you are extra paranoid, you can use the CPU for the random number generator, but you can salt that number with entropy generated from the dice, this way the number will be statistically random, but salted with an unpredictable number from your dice. The number you roll with the dice should be a base 10 integer. All you need to do is just enter this in the console:
electrum make_seed --nbits 160 --entropy 12345678910111213141516
Where you just replace the number after
entropy with your own big number generated with the dices. The bits should be 160, since this is the maximum security an unspent bitcoin address will give you. It should give you 16 random words, that you can then memorize or write down, and this can be your seed that generates all private keys in your wallet.