What would be the security impact of a passwordless Whonix-Gateway user `user` account, if any?
The conventional wisdom is “use strong Linux user account passwords”.
In Whonix documentation chapter Change Password it is currently recommended to change the default password of user
There is no recommendation on how strong such a password should be. Due to Bruteforcing Linux User Account Passwords Protection and Online Password Cracking Restrictions, the need for a strong password might be low.
Then there is also the question: what is the threat model? Which threats are mitigated by changing the password of user `user` on Whonix-Gateway to a different (or even strong) password?
The conventional wisdom “use strong Linux user account passwords” might be inapplicable.
- Whonix-Gateway is a single-user system, not a multi-user system.
- A Whonix-Gateway has no remote login by default, nor is it recommended. If one wanted remote login, it would make more sense to set up remote login on the host operating system.
- If Tor running under user `debian-tor` was compromised, that would be already catastrophic in the Whonix threat model. However, even then damage limitation of containing the compromise within the `debian-tor` user, preventing root compromise for the sake of protecting the virtualizer with the purpose of preventing a VM breaking would make sense. This does not require a (strong) user `user` password either, see Conclusions chapter of above wiki page.
- If user `sdwdate` was compromised, I wouldn’t know what advantage a (strong) user `user` password would provide either.
- What other attack surface is there related to Linux user accounts?
- iPhone / Android does not require strong user passwords either.
- xkcd: Authorization
If we can conclude that a recommendation for (strong) user `user` password is obsolete, we could drop the recommendation in the wiki to change the user `user` password and even enable passwordless sudo for user `user` by default on Whonix-Gateway.
After considering this, a separate discussion for Whonix-Workstation can be created.