It is, with the proper passphrase being hard to guess, I think you'll never have a problem in terms of hacking. The only thing that you'll ever worry about is keeping that piece of paper safe all the time.

How many characters should a passphrase have to be considered safe? Is there an accurate way to calculate this? Also can anyone explain me what the point of hardware wallets really is when a piece of paper just should do the job as well? (and without the potential risk of device damage)

if you are storing a big amount, i would use 2-3 different methods for that.

paper wallet
hardware wallet
Xapo Vault

...

There are actually tools out there that will allow you to come up with a stronge nough password where you don't need to be paranoid about someone ever bruteforcing this:

http://www.passwordmeter.com/

Use this. A 10 character password with some special characters, up and lower case and you are set. No one would crack a SHA256 pass like that.

Yes, provided your password has sufficient entropy.  The minimum entropy you'll need depends on your situation:

• Can you easily afford to lose your cold storage?
• Do you live among people you trust or do you travel/backpack a lot?

You'll probably want between 40 and 100 bits of entropy.

I strongly advise against thinking up your own password.  Rather than digging through your mind for existing information; generate random information and memorise it.  It's not difficulty to rack up provable entropy this way.  To give you an idea, here are some examples each of which had about about 64-bits of entropy (of course, don't use these precise examples):

A uniformly random 20-digit natural number (about 66.3 bits):
    77167661296005852823
14 uniformly random lower-case letters (about 65.8 bits):
    tefdszwmhuwyso
10 uniformly random letters (upper + lower), numbers, and 33 common symbols (about 64.1 bits):
    EVl2;C?m=[
6 uniformly random words from a list of 2048 simple words with a 2-bit checksum (64 bits, BIP0039):
    scissors artwork burger catch hospital august

I personally prefer the latter for memorability but you may disagree.


A tool which should be used with some care.  Notice for example that the poor password "HelloWorld!!11" scores 100%.

Bear in mind too that these tools are targetting a different use case, one with much weaker security needs.

I should have read this before making my own
i selected around 20 words from 3 languages with upper/lower case and some numbers that i can't remember ...

I am just a bit paranoid about everything, when it comes to storing large amounts of money... So I salvaged a old computer from old parts and I downloaded the whole bitaddress.org

site to that computer and disconnected it permanently. I then created loads of encrypted and BIP38 secured paper wallets and physically destroyed the computer with a hammer.

It was worth like $10 if I tried to sell it, but it's worth the total amount of coins I stored on these paper wallets, if someone managed to retrieve any information from the firmware

or harddrive or where ever they get this information from. I should say it 100% safe, if you never go online with the device you created those paper wallets on. Just keep them dry

and locked up and also in a fire protected area. 

you can find a list of hardware wallets here:

https://bt.irlbtc.com/view/899253.0

Do you think no one can crack SHA256 encryption and decryption? here in my country nothing is not imposible because some programer in my country has a professional skill for hacking sha256 they use it for hacking internet..... so do you think this is safe?