Default apps should mirror TAILS OS

I think the default apps for Whonix should mirror TAILS (well at least the encryption and privacy related ones). Reason being because both is a complete OS with similar goals (one being able to communicate securely and anonymously). I think it will attract more users. That means including:


CRYPTSETUP I’m not sure why it isn’t included. You can create containers similar to TrueCrypt. Even if FDE isn’t an option, why isn’t creating containers is? There is even a GUI for it (that TAILS is considering including it) called ZuluCrypt. You can read about it here: [url=]Google Code Archive - Long-term storage for Google Code Project Hosting..

GTKHASH is a program that’s used to hash files. I use for my root password. It will promote a strong root password by simply hashing a weak one and outputting a 256 bit one if you use SHA256.

KEEPASSX has been discussed on here before. Patrick opted to stick with the other one (can’t remember the name off the top of my head). Keepassx includes a hefty password (and username, see below) generator. Keepassx is still being developed, however the latest version isn’t in Debian stable.

PIDGIN. It has been discussed on here before. Patrick opted against it.
Alternative: JITSI. Jitsi includes video chat. [url=][/url]

PWGEN would be a great addition to Whonix. Its good for disposable user names as it outputs short pronounceable passwords.
Alternative: APG. [url=][/url]

SSSS and GFSHARE. These are no brainers. I made a backup of my GPG private with gfshare!! I have 7 total shares and only need 4 to recreate my private key. I keep one in my email, one in my cloud service, one on my usb, one (in ascii format) on reddit, etc.

Whonix includes secure-delete. I don’t think that package should be include because the main use of it is “SDMEM” and since Whonix is a VM, its pretty much pointless. I myself use the “shred” command to delete files securely in Whonix and that is already included in the “core-utils” in Debian. For instance, find -type f -execdir shred -vz -n37 -u ‘{}’ ; command will delete and rename everything in your folder. Or shred -n1 -u for a single file. Secure-delete is unnecessary.



Pidgin, should be discussed in the pidgin thread to not rehash it here:


Password manager:


GTKHASH is a program that's used to hash files. I use for my root password. It will promote a strong root password by simply hashing a weak one and outputting a 256 bit one if you use SHA256.
Doing this is a bad idea. There is no magic shortcut to make a weak password strong. There are rainbow and hash tables. All the weak passwords and their corresponding encodings are already stored in some data bases. Any clever brutforce attacker tries such passwords. (That doesn't mean gtkhash is bad. It looks nice.)


Need to wait a long time until Whonix will be based on Debian stretch, so it can be installed from Debain “stable” by then.


Tails comparison:
In Tails installing it by default has more value, because it’s a live distribution where it’s hard to install packages, since those are lost after reboot. Unless you are using their package persistence which requires USB, which not everyone uses. Which is not a recommended way in Tails. (



Having said why the comparison with Tails doesn’t 100% apply here… What’s the added advantage having them installed by default?

One that I can see is that if there was documentation for those, then those documentation wouldn’t need to cover how to install those. Thus simplify usage documentation a bit.

Apart from this?

For example, ssss is not used by that many. It’s not that a simple story. Those clever enough to know about it and using it, do those suffer more by having to manually install it than those who don’t need to have it installed?

The thing is, if I implement feature request “install xyz by default”, I am getting another feature request “install less packages by default to make Whonix smaller”. You can’t make all of the people happy all of the time.


  • including gtkhash

The reason is… From Whonix 8 changelog:

  • added secure-delete, because it contains sfill, which can be used to zero out free space, which is required for disk shrinking

Also interesting, why package X is installed… See:


Your reasoning for not including the mentioned apps make sense. Whonix is fine the way it is.

Whonix isn’t as popular as TAILS. I thought maybe including the same apps would push more users (and hence more donations) to Whonix especially since its more secure (eq. those javascript exploits that targeted darknet markets don’t apply). I switched over from TAILS.

I understand the different goals of Whonix. It was just a thought.

Not including Electrum also is the way to go.