(Technically there is no “admin” password. Only a password for the root account. So “admin” and root acocunt is the same. This is mentioned here to satisfy common search engine results.)
(Edit by Patrick. Below post unmodified.)
i was kept wondering from the first time of using Whonix , why Whonix has a default root passowrd which is = changeme , and default username which is = user ?
why dont we give this opportunity to the user himself to decide which one he like to have at the Whonix installation stage ? like any other distro installation (Debain , Qubes , Ubuntu , Kali …etc).
(Technically there is no “admin” password. Only a password for the root account. So “admin” and root acocunt is the same. This is mentioned here to satisfy common search engine results.)
(Edit by Patrick. Below post unmodified.)
Because ‘technically’ there is “no installation”. Whonix images are pre-installed operating system images. The history of Whonix is that we started to ship downloadable VM images. What you might perceive as installation process, for example VirtualBox import is “not an installation”. It’s the same for any VM image that would be imported. There is no feature in virtualizers that would allow to inject code to do things at this stage. The code running for importing the images is solely by the virtualizer and modifying that would be non-trivial and require to maintain a fork of the virtualizer. To add such code on the operating system that hosts Whonix would be non-trivial and operating system specific. It would require to mount and modify the images. Too unimportant to put any effort into it. Would probably result in more bugs, and confusion, than what we have now. I see Qubes(-Whonix) as the evolution of this, since there are no passwords there.
can we have a tool or script or whatever that can randomize username & password for each new installation of whonix ? or at least the password ?
because if we can do that , then if the user is so noob to linux environment which he cant know how to change the root password and/or username = he is still safe as if he changed them at the beginning.
maybe u gonna ask how he will know his username and password ?
in two ways:-
1- its the same thing , it will appear in the terminal screen that your username&password is this and that please change them as soon as possible (if this sentence will even has a value anymore in this case)
2- we show him a message similar to timesync or whonixcheck say for e.g:- your username&password is this and that.
as hardend to point number 2 , we can put an icon saying:-
“whonix default username&password” which is containing the password&username of the WS or GW. because i suggested this hardening like if someone will ask " oh i closed the pop-up window of username & password at whonix startup where can i find them"
but whole point number 2 , is not needed if we can show the username&password inside the terminal screen.
so is this possible to happen inside whonix ?
edit: sorry not in the virtualbox page , it will better in the FAQ page.
well at least it as reference in case someone read the FAQ , because this explanation havent been mentioned in anywhere in the documentation. (tho it should be there)
Perhaps a FAQ. Where stuff that is really frequently asked. And a VFAQ.
A Virtual FAQ. Where random stuff goes that is good to know, that is not
really asked, but fits well into such useful-to-know list.
