Board: Bitcoin Discussion
Topic: Re: Bitcoin Wallet Security Discussion
by toroidmonster24 on 04/12/2013, 19:43:44 UTC

Well what about a paper wallet you say? This is definitely easier. I can go to Bitaddress and print something quickly, but wait! I don't even have a printer at home. So what if I use the one at work? Uhh, that's like leaving a giant fingerprint on the printer. And once again you ask what about getting a cheap printer to print at home? Once again I'm tasked with the issue of offline computers.

Write the key down with pen and paper. The only advantage of "printing" it is convenience, and you get fancy graphics on the paper.

If you don't trust your computers, just burn a Linux live CD (e.g. Ubuntu), unplug the network cable, and boot off the CD. It will not modify or damage your existing operating system unless you deliberately tell it to. Then you can generate a private key using bitaddress or whatever other method you prefer.

In theory this still isn't absolutely 100% secure as there is malware which can persist across operating system reinstalls (BIOS implants), but the chances of this are so low that it's not even worth worrying about.

How common is malware? I'm a moderately capable computer guru I'd say, and I have never gotten infected, except once when I was in high school and young and naive. I downloaded something suspicious and I KNEW it was suspicious too. I clicked on it once and intended on right-clicking to hit Scan or Delete (I forget a bit), but I accidentally double-clicked. I knew it was going to screw me too and I saw the whole thing just unfold in front of me in slow motion. Freaking virus screwed my whole computer up.

But honestly, with all the spyware and malware out there I think there are FAR more people just infected with something stupid that annoys them or spams their computer than there are people whose logins and passwords are actually getting stolen by keyloggers. Is it just me, or is this whole keylogger/malware stuff getting overblown?

With all these Bitcoin thefts out there, how many people have actually gotten funds stolen because their passwords were logged? Most of the issues I've seen so far relate to:

  • Terrible password choice leading to easy guessing and Brainwallets getting snatched
  • Reusing passwords that were likely compromised in some other leak (Adobe, LinkedIn, etc.)
  • Not using 2FA while having a crap password
  • Losing digital wallet files
  • Losing paper wallets, misplacing, etc.

And this is why I continue to ask why with cold wallet storage, people are going full tinfoil hat. The issues right now are user issues more than anything. The way Blockchain is set up, there are some concerns such as keyloggers, or the site getting compromised with a MITM attack, but there's nothing really inherently wrong with Blockchain. It's more than sufficient if you set up a strong password and 2FA if you're really scared. Even if the site gets hacked and people steal your encrypted wallet, so what? It's encrypted. If you chose a good enough password, that's like having people hack Brainwallets and trying to generate phrases to guess seeds. In an ideal world, nothing gets compromised, but I think given that most people have issues with losing things, properly storing things on their computer, those real world user errors are a bigger threat to cold wallet storage and hot wallet storage, than with sites getting hacked, computers getting keylogged, MITM attacks, etc.
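
Added example, not part of the original post: the thread suggests writing the key down with pen and paper on an offline machine, and the usual failure there is a transcription error. The sketch below re-checks a hand-copied key in uncompressed mainnet WIF (Base58Check) using only the Python standard library; the function names and the demo key are constructed for illustration, and the compressed WIF form is not handled.

```python
import hashlib

# Base58 alphabet: no 0, O, I or l, which are easy to confuse in handwriting.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def wif_encode(key: bytes) -> str:
    """Encode a 32-byte private key as uncompressed mainnet WIF."""
    if len(key) != 32:
        raise ValueError("private key must be 32 bytes")
    data = b"\x80" + key
    data += _checksum(data)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def wif_check(text: str) -> str:
    """Return 'ok', or the reason a transcribed WIF string is not valid."""
    text = text.strip()
    bad = sorted({c for c in text if c not in B58})
    if bad:
        return "invalid characters: " + "".join(bad)
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 37 or raw[0] != 0x80:
        return "wrong length or version byte"
    if _checksum(raw[:-4]) != raw[-4:]:
        return "checksum mismatch"
    return "ok"

if __name__ == "__main__":
    # Constructed demo key (bytes 1..32); never use a predictable key for funds.
    wif = wif_encode(bytes(range(1, 33)))
    print(wif, wif_check(wif))
    miscopied = wif[:10] + ("k" if wif[10] != "k" else "m") + wif[11:]
    print(miscopied, wif_check(miscopied))
```

Run it on the same offline live-CD session, typing the key back in from the paper rather than pasting it, so the check exercises the handwritten copy.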