I will give feedback
Until now, I have been testing with the “test” password using ‘sudo passwd root’
Whonix Gateway permits the test password. Not good.
But on user no
hellresistor via Whonix Forum:
I will give feedback
Until now, I have been testing with the “test” password using ‘sudo passwd root’
Whonix Gateway permits the test password. Not good.
Whonix Workstation does not permit the test password. That is good.
Are you suggesting pam-cracklib?
https://www.cyberciti.biz/faq/securing-passwords-libpam-cracklib-on-debian-ubuntu-linux/
See also:
Yes, it’s that!
Update about “Hell VMs”: they are good, a little slow, because of the USB 2.0 controller as defined on the VMware machine (Debian host). I am using a USB boot key … well … I need to run PLPBT.iso (boot loader image to get USB on the VM). With the USB 3 controller enabled box, the PLPBT.iso won’t detect USB (VM into VM into VM into …)
I’ve better documented existing defenses just now. Please have a look here:
Which attack scenarios / threat models remain in which cracking a Linux user account password could still be attempted? Which compromised Linux user account could try to brute-force the password of which other Linux user account?
Once we have an answer to that, we can add more defenses and/or consider pam-cracklib.
This was previously discussed here: “protect Linux user accounts against brute force attacks” - #9 by madaidan