Blog Posts
Why Open Source?
All of our development efforts at SR2 Communications are released under an open source licence. This is often a condition of the grants that fund our work but we don’t just use the licences to meet contractual requirements. We strongly believe that open source software is the best way to approach the technical needs of civil society organisations.
Kerckhoffs’s Principle is one guiding idea in this approach. The principle holds that a cryptosystem should be secure, even if everything about the system, except the key, is public knowledge1. Kerckhoffs’s principle was later phrased by the American mathematician Claude Shannon as “the enemy knows the system”.
SR2 Communications Achieves Cyber Essentials Certification
We’re pleased to announce that SR2 Communications has achieved Cyber Essentials certification, the UK government’s baseline standard for cyber security. This milestone represents an important addition to our existing security practices and reinforces our dedication to protecting the organisations we serve.
Butter Box Portal Improvements
As part of our latest development project with the Guardian Project team, we have re-engineered the Butter Box portal interface. This post describes the design choices and improvements within the new portal.
Butter Box Connectivity
We have just wrapped up a project with the Guardian Project team exploring options for connectivity to allow for updates to software and content on the Butter Box and for communications between users of multiple Butter Boxes.
Python Backend Developer Opening
SR2 Communications develops technology to support individuals, journalism publications, and civil society organisations with their digital security needs. This ranges from secure hosting of an off-the-shelf application to bespoke development of novel software to fill a niche requirement.
Using TLS ECH from Python
At first, the idea of encrypting more of the metadata found inside the initial packet (the “ClientHello”) of a TLS connection may seem simple and obvious, but there are of course reasons that this wasn’t done right from the start. In this post I will describe the flow of a connection using Encrypted Client Hello (ECH) to protect the metadata fields, and present a working code example using a fork of CPython built with DEfO project’s OpenSSL fork to connect to ECH-enabled HTTPS servers.