The Tinfoil Hat Guide Towards Securing Your Private Keys

If you're anything like me, you'd be quite paranoid most of the time concerned about the security of your hard earned money that you've placed in crypto, and it would probably drive you to the fringes of insanity to have the same old Windows PC that you've used for gaming, watching Netflix, and browsing every weird corner of the web, be used for accessing your wallet to be able to sign and send transactions across the network. And, with the recent debacle concerning the split between MyEtherWallet and MyCrypto, that surely didn't go lightly on you. Remember, a hacker would only need you to make that one mistake, aaand it's gone.

Today, I'll actually be guiding you through a way to generate a new Ethereum private key on a completely-isolated offline environment, and moreover, be able to generate signed transactions from your offline environment and copy them over to your online computer for broadcasting. With this method, your private keys never have to leave your secure offline environment for any reason whatsoever. The only thing that'll be leaving would be the signed transaction data, which is pretty much harmless and could never possibly compromise your private key.

First of all, we need to choose an appropriate offline environment to use for generating a new private key and generating signed transactions. I chose my Ubuntu machine that I had laying around for this purpose. It was an Acer Chromebook that I hacked a couple of years back to run Ubuntu and it has a damaged network card and thus can never go online even if I wanted to. Using a Linux distro as the OS for your offline environment is crucial here. We want to have a secure OS as we're going to be moving thumbdrives back and forth between our offline and online machines. Linux leaves no attack vectors for any viruses or trojans that spread through USB drives as it's pretty damn secure and Windows viruses basically don't run on it, you can read more on it here.

Next thing up, we'll be choosing the offline package we're going to be using, I personally chose the offline version of MyEtherWallet v3.11.3.2. I very much recommend downloading that exact version of the release, it's the last stable release by tayvano before this whole split thing happened. It's old enough to be well tested, implemented and to include every major ERC20 token that matters, and yet young enough to be prior to the split. You can get it here.
After you download the zip file, move it to a thumbdrive. I insist on having two thumbdrives, one that will be used to move data back and forth between your offline and online machines, and one that will be used specifically for storing your wallet's encrypted json file as cold storage. The latter should never ever be connected to your online machine after we're done here for any reason.

Connect the thumbdrive that holds the zip file you downloaded to your offline machine, unzip it, and open index.html inside the extracted folder. An offline version of MEW will pop up. You can now create a new offline wallet just as you would with the online version of MEW. Make sure to choose a fairly long alpha-numeric password with both caps. If you've never used MEW before, make sure to read their guides here to guide you through the finer details.

I insist on taking multiple physical paper backups of that new private key you just created and store them in private secure places (e.g. safes, lockers, etc.). Make sure no one else can have physical access to them. Also, make sure you store your json file inside the other thumbdrive that will be serving this specific purpose.

So great, we've just created a super-secure offline wallet. But, now we want to able to send and receive transactions with it. So, we now go to the send offline page. You'll be going to the official MEW site on your online computer and go to that same page. No worries, it's totally safe, the online page will only be used to calculate the nonce (which is basically the sending account's number of sent ETH transaction) and the gas amount (which is used to calculate the transaction fee) to use on your offline machine to be able to generate the offline transaction. Fill in the required data and hit "Generate Information" to generate the nonce and gas amount. Enter the values on your offline machine, specify the amount of ETH/tokens you want to be sending. Next, use your json file to access your sending wallet's private key. Finally, hit "Generate Transaction" to get the transaction data. Copy the signed transaction data to your online PC using the same thumbdrive that once held the MEW zip file. Paste it onto your online computer in the specified field and hit "Send Transaction" to broadcast the transaction across the network. Please do a couple of back and forth transactions using your newly generated wallet to verify.

Now you can rest for years to come knowing that your private keys are out of harm from any hackers out there. More on that, I suggest you take extra precautions: never have your public address be tied to your identity, and never share your net worth with the public. Otherwise, you're just asking to get hacked or even worse. The internet has some pretty dark corners and there are people out there who are ready to do just about anything for a high enough reward. So, be careful.