Do you consider Qubes OS secure enough to store a crypto wallet seed in an “airgapped” non-networed AppVM? Or should I rather still use pen and paper?
1 Like
Why not use pen and paper?
(I am not an insider, just curious to know)
I think, the next answers will tell you to specify your threat model.
1 Like
Because you can’t encrypt paper, and it’s much easier to be stolen, damaged, or lost.
1 Like
Theoretically you could “encrypt paper”…just pause all VMs, run a RAM-based disposable and put your seed through an encryption algorithm and then note the encrypted output on a piece of paper; you best not forget the passphrase and exact method used, though 
Perhaps a viable alternative (though everything does indeed depend on your threat model, as @boreas pointed out already) is putting the seed into an encrypted vault (e.g. KeePass in an offline qube?) and setting up a USB security dongle as the authorization method (easy with KeePass).
That way no passphrases need to be remembered, but you best not lose that dongle…you could perhaps set up two dongles (both can individually unlock the vault) and put the other one into a safe deposit box with your bank. As far as security…if your QubesOS system is really compromised remotely (quite unlikely) then the attacker would have to wait until you unlock that vault, which, if you don’t store anything else in there, may be a long time; you may also want to not keep the vault in the system at all, just on some backup medium to make it even harder, but in any case, the threat model will tell you which method is the least likely to lead to a compromise or irrecoverable loss of your seed.
3 Likes
It depends on your threat model. I prefer a hardware-based workflow, but I am not confident that pen and paper are the ideal solution for me.