What's the greater risk?:
1) Using my method where it's a simple algorithm for me to remember the page number and location via a HUGE (and I mean HUGE) string of numbers - i.e. not your typical internet password. This wallet would exist in my head. Despite this, it's more vulnerable to attack because it doesn't have the entropy of a purely randomly generated number.
2) Using a randomly generated key which is less prone to attack, but is more easily forgotten or the details of which more easily lost. (This key would have to be stored somewhere physical, opening it up to being attacked in a way the first option wouldn't.)
I wonder what the figures are in terms of dollar value lost due to i) hacking ii) simply losing your private key.
I've already spoken to one guy who lost over 1000 bitcoin on a hard drive somewhere, and I bet most of you have heard similar stories. I would almost hazard that simple user clumsiness (i.e. option ii) is a greater threat to your wealth than being hacked.
I actually don't see why it's so terrible if I do it offline, air-gapped? Doesn't this directory list ALL potential private keys? It's not as if I'd use page 235 key 15 as my address...my choice would be far more sophisticated than that.
Using directory.io to choose your private key is a horrible idea, regardless of whether you are online or offline. Private keys are only secure if they are randomly generated using a cryptographically secure random number generator. By using directory.io (or any other list of private keys) to select your private keys manually, you are significantly reducing your security because humans are notoriously bad at securely generating random numbers. You as a human do not provide enough entropy to actually choose a random number randomly, which means that whatever private key you choose will be insecure and more likely to be easily brute forced.
