Monero Integration in Whonix

Anonymous edit Monero: Difference between revisions - Whonix

Advanced {{q_project_name}} users can investigate [monero-site/_i18n/ar/resources/user-guides/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub Wallet/Daemon Isolation]. In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor. This is untested by {{project_name}} maintainers.

Qubes gives the flexibility to easily create separate VMs for different purposes. First you will create a Whonix workstation for the daemon which will use a Whonix gateway for networking. Next, another Whonix workstation for the wallet with no connection to the network. For communication between the wallet and daemon you can make use of Qubes qrexec.
+
+
This is safer than other approaches which route the wallet’s rpc over a Tor hidden service, or that use physical isolation but still have networking to connect to the daemon. In this way you don’t need any network connection on the wallet, you preserve resources of the Tor network, and you incur less latency.

I am not sure that is correct:

In this configuration the Monero wallet does not have a network connection and is run on system that is virtually isolated from the daemon, which has all its traffic routed over Tor.

Quote monero-site/_i18n/ar/resources/user-guides/wallet_daemon_isolation_qubes_whonix.md at 6c25a8714b5f7c3863e91dac3fe48472c6b4b253 · 0xB44EFD8751077F97/monero-site · GitHub

For communication between the wallet and daemon you can make use of Qubes qrexec.

That qrexec connection is as good as a network connection. Different from a split (offline + watch-only) wallet Contents/docs/security/split-bitcoin.md at master · Qubes-Community/Contents · GitHub