Hello,
I'm finding a problem making sure my cold storage wallet is secure.. I find that the only loop hole in cold storage is making sure that the address generated in the offline pc are really random..
I can think of several issues:
1. a ubunto developer change the source code so that all users that create new address in bitcoin will create address from a pool of 200 million address ( so each one will get a different one) but the developer know the keys for all of them
2. downloading a bitcoin-qt client that new address generated from this client is from a pool of 200 million address ( so each one will get a different one) but the bitcoin-qt developer/hacker will have the keys for all address.
What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?
Thank You.
This problem is what I created Piper to solve. Piper is a permanently offline hardware paper wallet generator and printer and so much more powered by the Raspberry Pi platform. It gets it's randomness from a hardware random number generator that uses thermal gradients to produce entropy.
How do you know it safe though? It uses community-accepted methods to do the key generation, and it's open source, so you can easily check the code yourself and make sure it's not doing anything sketchy. All Piper software is written in python so the source is included, and it's not a lot of python so I believe most programmers could fully audit the code in a short period of time. The only non-python part of the key generation is vanitygen. But the source for vanitygen is included, and you can easily build it by typing "make' and then compare the binary you just built to the one used by Piper by doing an MD5 hash on both. You can also compare the code on Piper to the code in the vanitygen github repo to make sure there is no foul play there as well.
So if you want a turnkey solution to this problem, check out
https://piperwallet.com