[Discussion]Down the Qubes/Whonix rabbit hole.

I dove into Qubes 3.0/Whonix 11 as my daily OS about 2 months ago. I am now running Qubes 3.1 RC1/Whonix testers. Sometimes I have to stop myself from over compartmentalizing. It’s another issue of where to draw the security line. I have spent some time thinking over this issue, and moving this line around myself.

I would like to describe the way I have my system setup and take criticism or provoke discussion from other users on this over compartmentalization dilemma.

I’ll start with my templates:

  1. fedora-23
  2. whonix-gw
  3. whonix-ws

The templates stay disconnected to networking, and remain as they were when they were installed/authenticated. They remain as a bit of protection in case of a disaster. I always have this to fix my clones from.

I then clone these templates like below.
Format: <clone> -> <net vm>

  1. fedora-23-clone -> sys-update
  2. whonix-gw-clone -> sys-update
  3. whonix-ws-clone -> sys-update
  4. whonix-ws-clone-bitcoin -> sys-update
  5. whonix-ws-clone-chat -> sys-update
  6. whonix-ws-clone-server -> sys-update

In the case of clones 3, 4, 5, and 6; these clones then get the necessary software added to them for they’re specific purpose. The others get software updates. The clones use the proxy vm “sys-update” for software updates.

This is how my proxy vms look.
Format: <proxy vm> | <template> -> <net vm>

  1. sys-net | fedora23-clone -> n/a
  2. sys-firewall | fedora23-clone -> sys-net
  3. sys-update | whonix-gw-clone -> sys-firewall
  4. sys-web | whonix-gw-clone -> sys-firewall
  5. sys-btc | whonix-gw-clone -> sys-firewall
  6. sys-server | whonix-gw-clone -> sys-firewall
  7. sys-bridged | whonix-gw-clone -> sys-firewall (this proxy vm is only available if needed, not normally used)

Here is my app vms with brief explanation.
Format: <app vm> | <template> -> <net vm>

  1. usb | fedora-23-clone -> n/a
    For mounting all usb connected devices as outlined in the release notes for Qubes 3.1 RC1.

  2. vault | whonix-ws-clone-bitcoin -> n/a
    My gpg keys are kept here, and this is where all encryption, decryption, signing, etc. is done. This is where my passwords are stored. This is where bitcoin transactions are created and signed. This is where all things are written, proof read, and stored. Vault also serves as backup for sensitive data from other vms.

  3. media | whonix-ws-clone -> n/a
    This is for VLC. Playing media which has been downloaded on the web vm and then copied here.

  4. web | whonix-ws-clone -> sys-web
    Web browsing, downloading music, download youtube videos, etc. Sometimes push signed git commits.

  5. develop | whonix-ws-clone -> sys-web
    Clone gits, mess with developing things in experimental conditions. Not worried to destroy and rebuild if necessary. Sometimes push signed git commits here.

  6. chat | whonix-ws-clone-chat -> sys-web
    Different communication methods/clients. Email, im, irc, etc.

  7. btc | whonix-ws-clone-bitcoin -> sys-btc
    Signed bitcoin transactions are pushed. Some bitcoin applications that I do dev on are running here (when in stable condition) as well with a bitcoin node.

  8. server | whonix-ws-clone-server -> sys-server
    Serving up hidden services for various things: bitcoin full node, electrum node, etc.

Please tell me how far past the edge have I gone? Am I just giving myself some security theatre?

Good day,

This actually sounds like a very well crafted configuration, though I have a question about this:

How literally do you mean this? Do you have your passwords saved in plain text or in an encrypted container? And, are you using, easier to remember and safer, passphrases, rather then ordinary passwords?

Have a nice day,


How literally do you mean this?

I built KeePassX 2.0 from source and migrated my .kdb files. All passphrases are generated from /dev/urandom.

Good day,

ok, looking at how your passwords are encrypted using AES, 256 bit this shouldn’t be an issue then. However, please keep in mind that even twentie characters can be brute forced, if the means necessary to do this, are used. That’s why personally rather then using random passwords, I use 40+ character long passphrases, though which of the two is better is of course out for debate.

Have a nice day,


[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]