I’m currently planning to finally move all my cryptos from my exchange over to a hardware wallet.
But before doing so, I want to minimize all possible attack vectors on private key / seed generation. That’s why I’m looking for input, if my current plan is state of the art or if there are any major flaws I’m not seeing.
I’ve read that quite a few people recommend generating your own seed (and not trust the RNG in the hardware wallet) to protect yourself from a possible flaw in the RNG of the device.
I was therefore planning on generating the entropy (and the corresponding seed) myself. One (in my eyes pretty well written and sound) how-to, that I might follow would be [https://estudiobitcoin.com/do-you-trust-your-seed-dont-generate-it-yourself/](https://estudiobitcoin.com/do-you-trust-your-seed-dont-generate-it-yourself/)
I was thinking about exchanging the coins through a six-sided dice (or multiple, cycling through them for each throw), treating numbers 1-3 as 0 and 4-6 as 1. Using this binary entropy, I would like to generate the 23 seed words “by hand” using the template from the website.
What I’m most unsure about is the generation of the 24th word/checksum. I know about the statement “never type your seed phrase into any other electronic device other than your hardware wallet”. Therefore I’m a little bit unsure how to accomplish the checksum generation. Currently my plan would be to take an old laptop (used to be my daily driver, so not specifically bought for the bitcoin seed generation), unplug any (internal and external) hard drive, boot a Linux Live DVD with deactivated wifi and generate the checksum using an offline copy of [Seedpicker](https://seedpicker.net/calculator/last-word.html) or [Ian Coleman’s tool](https://iancoleman.io/bip39/) (copied over via a USB thumb drive). Afterwards wipe the thumb drive or even destroy it physically.
I would now like to know if my plans are following the correct procedure or if I’m actually missing a critical point.
Specifically two questions are not yet fully clear to me:
1.) Is there a better (i.e. faster) or more practical way of generating the entropy instead of using 1 coin/dice at a time? Is my way of entropy generation actually a good way?
2.) Is it safe to type the entropy/generate the seed on the air-gapped laptop in the specified way? As I said, the laptop is not brand new, so I was wondering if it would be possible that there might be a rootkit lingering somewhere in the hardware of the system (other than the hard drive) or if the use of the Live DVD should mitigate this.
Thanks in advance!
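The dice-to-words procedure described in the post, as an added example that is not part of the original post or of the linked tools. It follows the BIP39 rule for a 24-word mnemonic (256 entropy bits plus the first 8 bits of their SHA-256) and assumes 256 rolls, so the last three rolls supply the three entropy bits the 24th word carries alongside the checksum; it prints 0-based indices into the BIP39 English wordlist, which is not embedded here.

```python
import hashlib

ENT_BITS = 256             # entropy for a 24-word BIP39 mnemonic
CS_BITS = ENT_BITS // 32   # 8 checksum bits
WORD_BITS = 11             # each word encodes 11 bits (2048-word list)
N_WORDS = (ENT_BITS + CS_BITS) // WORD_BITS  # 24

def rolls_to_bits(rolls):
    """Map die faces 1-3 -> 0 and 4-6 -> 1, the mapping used in the post."""
    bits = []
    for r in rolls:
        if r not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a die face: {r!r}")
        bits.append(0 if r <= 3 else 1)
    return bits

def word_indices(rolls):
    """Return the 24 wordlist indices (0-based) for 256 die rolls."""
    bits = rolls_to_bits(rolls)
    if len(bits) != ENT_BITS:
        raise ValueError(f"need exactly {ENT_BITS} rolls, got {len(bits)}")
    value = int("".join(map(str, bits)), 2)
    entropy = value.to_bytes(ENT_BITS // 8, "big")
    # BIP39 checksum: the first ENT/32 bits of SHA-256 over the entropy bytes.
    checksum = hashlib.sha256(entropy).digest()[0]
    full = (value << CS_BITS) | checksum          # 264 bits = 24 * 11
    total = ENT_BITS + CS_BITS
    return [(full >> (total - WORD_BITS * (i + 1))) & 0x7FF
            for i in range(N_WORDS)]

if __name__ == "__main__":
    # Constructed sample rolls for demonstration only; never reuse them.
    sample = [((i * 7) % 6) + 1 for i in range(ENT_BITS)]
    idx = word_indices(sample)
    print("words 1-23 (from entropy alone):", idx[:23])
    print("word 24 (3 entropy bits + 8 checksum bits):", idx[23])
    print("wordlist line number = index + 1")
```

The first 23 indices depend only on the dice, so they can be checked against the by-hand template; only the 24th needs the SHA-256 step.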