I’m looking for comments/ideas here.
I’m thinking of different ways to run programs which generate sensitive data, like private keys. For example, the generation of paper wallets.
I’m asking out of interest, because each of these two has a downside, and I don’t know which is worse in terms of security. Which do you think would be the more secure approach?
1. Using a device like a netbook which will never again be networked. The downside is that the software is taken to the device on a USB drive which is moved between various devices.
2. Using a desktop PC, temporarily disconnected from its network, booting from a DVD. Then using software from a CD/DVD to generate keys et cetera. The downside here is that the device will subsequently go online.
I suppose I’m asking which is more likely: a ‘bad’ USB drive, or the threat of sensitive data persisting (in memory or on drives) on the machine which will later be networked?
Would it be worth detaching HDDs and SSDs from the ‘normally networked’ machine during the procedure?
Would it be worth using a new USB drive on the ‘non-networked’ device, then never using the USB drive in another machine?
I am curious to see where you all think the best balance lies…