Is it safe to install KeePassXC on Gateway?

Hello. When I start the Whonix-Gateway machine for the first time, I need to change the default user and root passwords. But there is no KeePassXC installed on the Gateway by default.

The general recommendation from the Whonix developers is NOT to install additional packages on the Gateway machine.

So, the question is: should I store the user and root Gateway passwords as plain text, or can I safely install KeePassXC on a Gateway machine in order to store them inside a secure .kdbx database?

The short answer is: More research and documentation is required to answer this question.

Long answer:

Given the current state of Linux account user separation in most if not all Linux desktop distributions…
(Details: Strong Linux User Account Isolation)
It’s a huge task to even research and document all the various views on this topic.

While often repeated and strongly implied as best practice “change passwords” at time of writing as it’s implemented now… No, at time of writing I think…

  • KeePassXC on Whonix-Gateway could be OK.
  • Password stored in plaintext on Whonix-Gateway could be OK.
  • Even passwordless sudo for user user in Whonix-Gateway… It could be challenging to describe a threat model where passwordless sudo for user user in Whonix-Gateway results in a bigger attack surface compared to using a strong sudo password for user user.
  • Could even argue the same for Whonix-Workstation.

If we had Multiple Boot Modes for Better Security: an Implementation of Untrusted Root then it might matter but it exists in no widespread fully Open Source Linux desktop distribution that I am aware of.