Hey, welcome to Bitcoin! I just stumbled across your thread, and was kind of disappointed you hadn't had more responses by now. I'll try to answer a few of your questions though.
(First, for clarity: I'll refer to the file containing your private keys (among other info) as your wallet, and the software that manages the wallet and (usually) broadcasts your transactions as a client.)
Wallets. I count no less than 7 different formats-- Qt, Electrum, Armory, Blockchain.info, Multibit, Paper, BIP 38. Not to mention any online wallet service. To what do you attribute the variety? Do you feel like the variety is a good or bad thing?
I feel the variety is a great strength. Since the private keys are standardized, the wallet formats can afford to be different, and as long as you can extract and save the private keys (or the wallet format isn't too complicated should you need to extract the private keys yourself by hand), it's quite workable to have multiple clients using different wallet formats (although it would be great if all the clients allowed you to import wallets in other formats, or at least allowed export and import in the standard Bitcoin-Qt format).
Should a flaw be found in one client, or one wallet format, only a segment of the Bitcoin community will be at risk, not the entire community. Just like biodiversity keeps entire ecospheres from complete collapse should some unexpected calamity arise, I feel diversity in clients (and by extension wallet formats) does the same thing.
How do you choose a format?
I'd say based on client features. Beginners generally want (need?) something faster and less complicated. A thin client, especially something like the Mycelium wallet app for Android, makes a better choice. For someone who knows his way around Bitcoin and wants to support the network with a full client, Bitcoin-Qt might make more sense. For hardcore users who want the best in security, Armory is the clear choice.
What makes a good wallet?
Again, it mainly comes down to, "does this client best support the features I need?" But that said, one thing to watch for is to give strong, strong preference to clients that don't give third parties access to your private keys. I'd also suggest using a client that matches your degree of expertise... if you can handle Bitcoin-Qt, I'd recommend using it, even if you also use something else. Simpler clients like Mycelium or Electrum, even though they may only grant access to your keys to you, may rely on third-party servers for their speed and thinness. Having a rock-solid backup that also contributes to the network is something more advanced users should find desirable.
Is it possible to encrypt my wallet, and still have my family be able to access the funds when I die?
It depends on the client, but in most cases, yes!
Bitcoin-Qt can encrypt and back up your wallet. Copy the encrypted backup around, even give copies to your loved ones if you like. Just be sure to either make new backups regularly, or set the software to pre-generate an enormous number of change addresses, just in case. Then you can include the passphrase in your will, and they'll have access to the wallet.
Mycelium has an excellent backup system that generates a PDF for an encrypted paper version of the wallet, along with a password for that specific PDF. You can store the password with the (printed or electronic) PDF, or store them separately such that your family gains access to both the PDF and the password upon your death.
Those are the only two clients I've used extensively; from what I understand, most other clients have other methods of allowing encryption and backup of your wallet (for example, I believe Electrum uses a single passphrase that can recreate the entire wallet.)
I found many threads like this one, which describe processes for offline wallets, but recent developments left me skeptical of my computer's random number generator.
You have good reason to be wary of PRNGs, both as a source of generating new private keys, and as a source of entropy for individual transactions. IIRC, as far as Bitcoin transactions go, it's possible to craft them without even relying on random numbers, and I believe the suggestion has already been made to the core development team. Considering how it's done, I see no reason why other client developers couldn't implement it right away, or why you couldn't implement it yourself. (You just use the hash of the transaction as the random number.)
So what to do? I am attracted to BIP 38, because it seems like a straightforward 2-factor authentication system, but why is it so complicated?
I just discovered and did some reading on BIP 38 myself. It is impressive, isn't it? (For the record, Mycelium now supports it.)
It does not seem to be widely accepted either (blockchain.info did not recognize my BIP 38 encrypted QR code as a private key). Why is it worth 20 BTC just to program BIP decryption? Why are all the wallets so complicated? Why aren't wallets just AES.COUNTER_MODE(Private Key) and Address? What component am I missing?
Well, BIP 38 is just a very useful feature. It really changes the game as far as Bitcoin private key security goes.
As far as the complication, it comes back to the freedom that Bitcoin allows. Anyone can get in and use it, and if someone doesn't like a wallet format that's already out there--they don't think it encodes enough information, or feel it needs to be simpler, or that it needs to be deterministic, or whatever--then they're free to create their own.
And as far as death is concerned, do any wallets implement Shamir's secret sharing scheme, or something similar?
I'm not too familiar with that, but I seem to recall that m-of-n signature support for spending from an address has already been implemented in the Bitcoin-Qt client. So at the very least, if you have a single m-of-n address that holds the bulk of your coins you intend to leave to others, then you can distribute the keys for that address to multiple people, and if enough get together and pool their keys, they can access the funds.
So, should I just stop worrying and love the wallet?
The worrying is understandable, but unnecessary.
If you keep the bulk of your funds in cold storage, in the most simple format you feel comfortable with (so loved ones won't need to spend much effort to retrieve them), you'll be fine.
TL;DR: Bitcoin will change the world. Is there a standard wallet that allows user input addresses (dice generated),
Mycelium and Blockchain.info do.
produces a variety of standard wallet formats,
This seems to be a big sticking point; I don't know that any allow this.
generates raw transactions offline,
I thought Blockchain.info allowed this? Maybe not.
does not download the entire blockchain,
Mycelium, Electrum, Blockchain.info
is able to implement a secret sharing scheme,
Bitcoin-Qt offers m-of-n signature support, and passphrase-encrypted wallets. Mycelium offers password-encoded PDFs. Electrum's seed passphrase can be broken into separate words (or groups of words) and distributed to others.
and can run on an operating system smaller than 100MBs?
Not asking a whole lot now, are we?
That's alright; surely Electrum or Bitcoin-Qt can run on whatever version of Linux you like (not sure about the others). And we can probably expect the clients to get better with every generation (I'd say we're really only on generation 2 or 3 so far).
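An added example on the RNG worry raised above (the offline-wallet question and the reply about crafting transactions without random numbers). This is not code from the post or from any of the wallets it names; it is a self-contained textbook ECDSA over secp256k1 written for this page. It shows the concrete failure mode behind the worry: two transaction signatures made with the same nonce k leak the private key outright, and it shows a nonce derived from the private key and the message hash with an HMAC so no RNG is consulted per signature. The HMAC construction is a simplified one in the spirit of RFC 6979, not the RFC's exact HMAC-DRBG procedure; the key, nonce and messages are constructed demo material, and a single SHA-256 stands in for Bitcoin's double SHA-256 of the transaction.

```python
import hashlib
import hmac

# secp256k1 curve constants (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _inv(a, m):
    """Modular inverse (Python 3.8+)."""
    return pow(a % m, -1, m)


def _add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def sign(priv, msg_hash, k):
    """Textbook ECDSA: (r, s) over a 32-byte hash with an explicit nonce k."""
    z = int.from_bytes(msg_hash, "big") % N
    r = _mul(k, G)[0] % N
    s = _inv(k, N) * (z + r * priv) % N
    return r, s


def verify(pub, msg_hash, sig):
    """Standard ECDSA verification against the public point pub = priv*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big") % N
    w = _inv(s, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_priv_from_reused_k(h1, sig1, h2, sig2):
    """Two signatures sharing k (same r) over different hashes leak the key:
    k = (z1 - z2) / (s1 - s2), then priv = (s1*k - z1) / r."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("nonces differ; nothing to recover")
    z1 = int.from_bytes(h1, "big") % N
    z2 = int.from_bytes(h2, "big") % N
    k = (z1 - z2) * _inv(s1 - s2, N) % N
    return (s1 * k - z1) * _inv(r1, N) % N


def deterministic_k(priv, msg_hash):
    """Nonce derived from the private key and the message hash; no RNG used.
    Simplified HMAC construction in the spirit of RFC 6979, not the RFC's
    exact HMAC-DRBG procedure. Repeatable for the same (key, hash), and
    different hashes give different nonces, so k is never reused across
    different transactions."""
    key = priv.to_bytes(32, "big")
    counter = 0
    while True:
        mac = hmac.new(key, msg_hash + counter.to_bytes(4, "big"),
                       hashlib.sha256).digest()
        k = int.from_bytes(mac, "big")
        if 0 < k < N:
            return k
        counter += 1  # out of range: retry with a fresh counter


# Constructed demo material, not a real key or real funds.
PRIV = int.from_bytes(hashlib.sha256(b"demo key, constructed for this example").digest(), "big") % N
PUB = _mul(PRIV, G)
BAD_K = int.from_bytes(hashlib.sha256(b"a nonce the wallet reused").digest(), "big") % N


def nonce_reuse_demo():
    """Sign two different messages with the same k, then recover the key."""
    h1 = hashlib.sha256(b"pay alice 1 BTC").digest()
    h2 = hashlib.sha256(b"pay bob 2 BTC").digest()
    sig1, sig2 = sign(PRIV, h1, BAD_K), sign(PRIV, h2, BAD_K)
    return recover_priv_from_reused_k(h1, sig1, h2, sig2) == PRIV
```

The point of `recover_priv_from_reused_k` is that a weak or repeating RNG does not merely weaken a signature; a single repeated nonce across two broadcast transactions hands the key to anyone reading the chain. Deriving k from the private key and the hash removes the per-signature RNG dependency, while an attacker who only knows the public hash still cannot compute k, since the HMAC is keyed with the private key.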
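An added example for the Shamir's secret sharing question above and the "is able to implement a secret sharing scheme" item in the TL;DR list. This is not code from the post or from any wallet it mentions. The on-chain m-of-n multisig the reply mentions spreads spending authority across several independent keys; Shamir's scheme instead splits one existing private key into n shares such that any m of them reconstruct it and fewer than m reveal nothing. The field chosen here is the prime order of secp256k1, N, which is an assumption made for convenience: every valid Bitcoin private key lies in [1, N-1], so it fits without padding. The key being split is constructed demo material; shares are held as (x, y) integer pairs rather than any wallet format.

```python
import secrets

# Order of secp256k1, a prime; every valid Bitcoin private key is in [1, N-1],
# so it works as the field for the shares (assumption made for this example).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod N."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % N
    return acc


def split_secret(secret, m, n, rng=secrets.randbelow):
    """Split secret into n shares, any m of which recover it.
    The secret is the constant term of a random degree m-1 polynomial;
    share i is the point (i, f(i)). rng is injectable so tests can be
    deterministic; real use keeps the secrets.randbelow default."""
    if not (1 <= m <= n < N):
        raise ValueError("need 1 <= m <= n")
    if not (0 <= secret < N):
        raise ValueError("secret out of field range")
    coeffs = [secret] + [rng(N) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given shares.
    Caveat a practitioner should know: with fewer than m shares this still
    returns an integer, just not the secret; the scheme gives no signal."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


# Constructed demo key, not a real one.
DEMO_KEY = int.from_bytes(b"inheritance demo key, constructed!!", "big") % N


def inheritance_demo(m=2, n=3):
    """Split DEMO_KEY m-of-n; confirm every m-subset recovers it and that a
    single share alone does not."""
    from itertools import combinations
    shares = split_secret(DEMO_KEY, m, n)
    all_m_subsets_work = all(recover_secret(list(c)) == DEMO_KEY
                             for c in combinations(shares, m))
    single_share_fails = all(recover_secret([s]) != DEMO_KEY for s in shares)
    return all_m_subsets_work and single_share_fails
```

In the inheritance setting the reply discusses, the shares, not the key, are what you hand to family members or store with a will; the key itself only ever exists on the machine that splits it and on the one that later reconstructs it. Note the caveat in `recover_secret`: a threshold shortfall produces a plausible-looking but wrong integer, so anyone reconstructing should check the result against the known address before trusting it.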