
cryptochat's Introduction

Hello, I'm Halil Ibrahim Deniz!

💫 About Me

Hello, I'm Halil Ibrahim. At the age of 23 and with a high school diploma in hand, I've nurtured an immense passion for the dynamic worlds of cybersecurity and programming. My journey has led me to delve deep into programming languages like Python, Java, and Rust, each of which I've applied in real-world scenarios. I've had the privilege of using these skills to assist a prominent website dedicated exclusively to cybersecurity, enhancing its infrastructure and fortifying its defenses. I also share my evolving knowledge and experiences through in-depth articles on my blog each week. To further serve the programming community, I release an open-source project on my GitHub account on a weekly basis. Continuous learning is at the heart of my ethos; alongside refining my technical expertise, I'm earnestly working to elevate my command over English and to embrace the challenges of learning German.

๐ŸŒ Socials:

Denizhalil Instagram LinkedIn YouTube Tryhackme E-mail Instagram

📖 My Book

Skills

Cybersecurity

Network Security

  • Network security is one of the most important topics in cybersecurity. I'm trying to specialize in network security to keep my network safe.
  • My network security skills include fundamental topics such as secure encryption protocols, secure network configuration, and firewalls. I can also perform network security tests using different tools like network scanners, port scanning tools, and network analysis tools.

Cybersecurity Tools

  • I'm constantly trying to improve myself by using different tools used in cybersecurity. These tools include various tools such as Nmap, Metasploit Framework, Wireshark, and Kali Linux.
  • By simulating different cyber attack scenarios using these tools, I can test defense mechanisms and improve network security.

Programming

Python Programming

  • Python is one of the programming languages I know the best. I'm highly skilled in software development using this language and have developed solutions for many different projects using Python.
  • My Python skills include different topics such as data structures, functions, object-oriented programming, GUI programming, and web development. I also work on different areas such as artificial intelligence, data science, and machine learning using Python.

C++ Programming

  • C++ is one of my favorite programming languages for software development. Since I started developing software in this language, I'm constantly trying to improve my C++ skills.
  • My C++ skills include fundamental topics such as data structures, algorithms, memory management, and object-oriented programming. I also work on different areas such as game development using C++.

Hardware

Microcontroller Programming

  • Microcontroller programming is one of my favorite areas of expertise in hardware. In this area, I mainly work on platforms such as Arduino and Raspberry Pi.

Interests

  • Learning foreign languages: Learning languages is an important hobby for me. Currently, I'm improving my English and learning German. I also plan to learn other languages in the future.
  • Knowledge Sharing: I always like to share the information I learn on my website called DenizHali with people in the most descriptive way.


Certificates

I have achieved the following certificates:


cryptochat's Issues

Security Vulnerabilities in Python Chat Application - Action Required 🚨

Hey @HalilDeniz !

I would like to bring to your attention some critical security concerns discovered in the current implementation of your Python chat application. It has come to my notice that the application, while claiming end-to-end encryption, decrypts messages on the server side, introducing potential vulnerabilities. This compromises the privacy and security assurances that end-to-end encryption is designed to provide. The following points highlight key areas of concern and suggested improvements.

Hope it'll help! Good luck!

b35363


False End-to-End Encryption Claims

Decrypting messages on the server undermines the purpose of end-to-end encryption, making it vulnerable to unauthorized access. Messages should only be decrypted on the client side.

try:
    encrypted_message = self.client_socket.recv(1024)
    message = cipher.decrypt(encrypted_message).decode('utf-8') # this is a big NO-NO !
    # ...
except:
    pass

Problem: The application falsely claims end-to-end encryption, but messages are decrypted on the server side, compromising the integrity of the encryption model.

Recommendation:

  • Avoid decrypting messages on the server to maintain true end-to-end encryption. Messages should only be decrypted on the client side. You should separate encrypted message payloads and remote procedure calls and metadata.
  • Catching a broad except without specific exceptions makes debugging difficult. It's recommended to catch specific exceptions and log detailed error messages.

Insecure Key Derivation:

import base64
import hashlib
from cryptography.fernet import Fernet

password = args.key.encode()
key = hashlib.sha256(password).digest()  # technically a good idea, but not that secure -_-
fernet_key = base64.urlsafe_b64encode(key)
cipher = Fernet(fernet_key)

Problem:
The encryption key is derived using a simple SHA-256 hash of the password, which is not considered a secure key derivation.

Recommendation:

  • Implement a well-known Key Derivation Function (KDF) for secure key derivation. This enhances the overall security of the application. You could use an SHA-256-based key derivation (HKDF-SHA-256) or a password-based key derivation function (PBKDF).

Secure Key Management:

$ python3 serverE.py --key Pa$$word123

Problem: The password is exposed as a command-line argument, posing a security risk.

Recommendation: Prompt the user for sensitive information like passwords to prevent exposure in command-line history. Consider using key files or environment variables for better key management.
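The three recommendations in the issue above (derive the key with a real KDF, keep the password out of argv, and let the server relay ciphertext without decrypting it) can be shown together in one standard-library Python sketch. This is an added example, not code from the cryptochat repository or from the issue author: the PBKDF2-HMAC-SHA256 parameters, the `CRYPTOCHAT_PASSWORD` environment variable, the JSON frame layout, and the function names are all assumptions made here. `cryptography`'s `Fernet` is deliberately not imported so the block runs offline; `derive_fernet_key` only produces the 32-byte URL-safe base64 value that `Fernet()` expects.

```python
import base64
import getpass
import hashlib
import json
import os
import secrets
from typing import Optional

# Assumed iteration count (OWASP Password Storage Cheat Sheet, 2023,
# recommends 600,000 for PBKDF2-HMAC-SHA256). Not a value from the project.
PBKDF2_ITERATIONS = 600_000


def weak_key(password: str) -> bytes:
    """The pattern flagged in the issue: one unsalted SHA-256 of the password.
    Identical passwords always give identical keys, and a single fast hash
    lets an attacker test guesses at full hardware speed."""
    return base64.urlsafe_b64encode(hashlib.sha256(password.encode("utf-8")).digest())


def derive_fernet_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Derive a Fernet-compatible key (32 bytes, URL-safe base64) with PBKDF2-HMAC-SHA256.
    The salt is not secret but must be random and shared with the peer; the
    iteration count is what makes offline guessing expensive."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 bytes")
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)


def new_salt() -> bytes:
    """Fresh 16-byte salt; store or transmit it alongside the ciphertext, never reuse across deployments."""
    return secrets.token_bytes(16)


def load_password(env_var: str = "CRYPTOCHAT_PASSWORD", env: Optional[dict] = None) -> str:
    """Read the password from the environment or an interactive prompt instead of
    argv, so it does not end up in shell history or in `ps` output.
    `env` is injectable for testing; it defaults to os.environ."""
    source = os.environ if env is None else env
    value = source.get(env_var)
    if value:
        return value
    return getpass.getpass("Chat password: ")


def frame(sender: str, ciphertext: bytes) -> bytes:
    """Client side: routing metadata in clear JSON, the encrypted message as an
    opaque base64 blob. The server only ever needs the metadata."""
    return json.dumps({
        "v": 1,
        "from": sender,
        "payload": base64.b64encode(ciphertext).decode("ascii"),
    }).encode("utf-8")


def relay(framed: bytes, allowed_senders: set) -> Optional[bytes]:
    """Server side: parse the metadata, decide whether to forward, and never
    decode or decrypt the payload. Returns the frame to broadcast, or None to drop it.
    Only the specific parse errors are caught, rather than a bare `except: pass`."""
    try:
        msg = json.loads(framed.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None  # malformed frame; a real server would log this
    if msg.get("v") != 1 or msg.get("from") not in allowed_senders:
        return None
    return framed  # forwarded byte-for-byte; the payload stays opaque to the server


if __name__ == "__main__":
    # Constructed demo values, not real credentials.
    salt = new_salt()
    key = derive_fernet_key("Pa$$word123", salt)
    print("fernet key:", key.decode("ascii"), "salt:", salt.hex())
    print("relayed:", relay(frame("alice", b"\x80\x01\x02opaque"), {"alice"}) is not None)
```

Design notes: the salt is what separates this from the original `sha256(password)`; without it two clients using the same passphrase derive the same key, and a leaked key is trivially guessable offline. The relay never touches `payload`, which is the concrete meaning of "messages should only be decrypted on the client side", and it returns `None` on specific exceptions rather than swallowing everything.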
