If the computer is offline, then the attacker would have to compromise your system's RNG. There is no other method to steal your money, if we assume that it'll remain offline forever. (or that it'll be formatted right after the generation)
If you cannot trust the integrity of your offline system, then you actually might have more things to worry about; the signature for the transaction it generates, whether it is generating the correct keys, etc. No one AFAIK has been attacked by someone compromising their RNG so far, because it is usually hardened. If you don't trust the OS, then the best way is to try to obtain the best source of entropy (radioactive decay, etc) and calculate everything by hand.Rolling a dice is randomly verifiable in contrast with an RNG. The sufficient entropy you've mentioned that is provided from my kernel isn't verifiable or at least, not same like with dice.
You cannot verify entropy. The 100 rolls, or however many rolls is usually insufficient to build a model to show that it has zero bias (or with the numbers evenly distributed). Most wallets includes various other variables to try to reduce their dependency on a single source within the OS. There is a very good reason why most known wallets don't allow their users to provide their own entropy out of the box. It usually doesn't end very well.I believe paranoia comes with large amounts. Wouldn't you roll the dice properly instead if you had 1000 BTC?
I would probably trust the group of people that made Bitcoin Core and the Linux Kernel than myself. Might just be me though.Of course, as I've said. If you've got any idea of what you're dealing with and accept the possible accompanying risks, then there's no problem.
