Hi Mycroft, I’m a prospective user interested in talking/listening posts designed by knowledgeable experts with reputable backing.
Your installation instructions [1] say that the encryption protocol for SSH is “ssh-rsa”; however, this seems to go against the “future deprecation notice” from the latest release of OpenSSH [2]. Is your system set up to work with other key types?
Assuming an adversary has read access to the public key and a big-enough budget to compute collisions, is there currently a threat of unexpected third-party access?
I would be interested to read a full-stack security analysis complete with proofs that the Mycroft2 communication protocol cannot be used for intrusion. Does such a document exist?
Thanks,
–Brad
[1] Mark II - Mycroft AI
[2] https://www.openssh.com/txt/release-8.5