[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

(Non-) Security Impact of Passwordless Whonix-Gateway user account?

What would be the security impact of a passwordless Whonix-Gateway user user account, if any?

background:

The conventional wisdom is “use strong Linux user account passwords”.

In Whonix documentation chapter Change Password it is currently recommended to change the default password of user user.

There is no recommendation how strong such a password should be. Due to Bruteforcing Linux User Account Passwords Protection and Online Password Cracking Restrictions the need for a strong password might be low.

Then there is also the question what is the threat model? Which threats are mitigated by changing the password of user user on Whonix-Gateway to different (or even strong) password?

The conventional wisdom “use strong Linux user account passwords” might be inapplicable.

  • Whonix-Gateway is a single-user system, not a multi-user system.
  • A Whonix-Gateway has no remote login by default and is neither recommended. If one wanted remote login, it would make more sense to setup remote login on the host operating system.
  • If Tor running under user debian-tor was compromised, that would be already catastrophic in the Whonix threat model. However, even then damage limitation of containing the compromise within the debian-tor user, preventing root compromise for the sake of protecting the virtualizer with the purpose of preventing a VM breaking would make sense. This does not require a (strong) user user password either, see Conclusions chapter of above wiki page.
  • If user sdwdate was compromised, I wouldn’t know what advantage a (strong) user user password would provide either.
  • What other attack surface is there related to Linux user accounts?

Other projects:

If we can conclude that a recommendation for (strong) user user password is obsolete, we could drop the recommendation in the wiki to change the user user password and even enable passwordless sudo for user user by default on Whonix-Gateway.

After considering this, a separate discussion for Whonix-Workstation can be created.


related:

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]