Creates new wallet with user-input randomness coupled with server side randomness
Can you please elaborate on this? How does the user provide randomness? How does the server couple the randomness with user input?
encrypts the private key with a password that is stored offline
Is this a raw password? Do you keep the raw passwords anywhere?
If so, this needs some sort of amelioration.
You should apply a hash function on the raw password and then encrypt the key with the result of the hash.
So instead of doing:
raw_pass = 1234Pass
priv_key = 3bfc9f8ec64e3b1b0c34b12df9a95ee794287ba99b5b46f1880592e237486d9a
enc = encrypt(priv_key, raw_pass)
you should do:
raw_pass=1234Pass
priv_key = 3bfc9f8ec64e3b1b0c34b12df9a95ee794287ba99b5b46f1880592e237486d9a
sha_256(raw_pass) = fc922ba852f16657615f7eecd50451dae563184c54cc08021fb6c732e1ca0cf6
enc = encrypt(priv_key, sha_256(raw_pass))