[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Encryption in Whonix and/or on the Host

As I know, Whonix is not encrypted by default.

Why not? Would this not a good idea? I think it should be easy and unwanted mounting of the virtual disc would be protected?

Next point is running a Whonix on a Host without physical control (For example a server in a Datacenter).

How much is the benefit of encrypting the Host server?
(An Agency can work with a cold boot, memory freeze, exploit, trojan and so on, I know this!).
But I think this will avoid the access of other normal persons, do I am right with this?
Or is any Datacenter Admin a skilled adversary in this things and will break the encryption in his lunch hour?

Would be a good idea in theory, sure.

For VM images, this isn’t possible for technical reasons. (Or at least: not that anyone ever knew until now.) For details, see:

Better use full disk encryption on the host.

For physical isolation users, they are advised to set up full disk encryption during installation in the instructions.

How much is the benefit of encrypting the Host server?
If it's a root server, it at least highers the bar of security even though it's still a flawed concept, I'd still go for it.
But I think this will avoid the access of other normal persons, do I am right with this?
Depending on the server. If it's a root server, yes.
Or is any Datacenter Admin a skilled adversary in this things and will break the encryption in his lunch hour?
Depends. If it is a vserver, using the management console it is indeed simple enough to do it during lunch. For other types of servers, it depends on what hardware they have installed. Some data centers help with managing root servers as a service. They can simply plug in a device or even have it already plugged in and do it from the management console again. I guess the amount of protection from the data center has to be discussed with the data center itself. Perhaps look into Swedish pirate party / wikileaks hosting. The might be the best you can get nowadays. It will in any case do as source for inspiration.
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]