Right at the start of 2018, almost all of the world's media are echoing a serious security flaw called Meltdown and Spectre, which especially affects computers with Intel processors.
- What are Meltdown and Spectre?
- Can it be corrected at the software level?
Hello, I have a situation where a user can have one or several certificates and a certificate belongs to only one user.
This is the User entity:
namespace AppBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="AppBundle\Repository\UserRepository")
 */
class User implements UserInterface, \Serializable
{
    /**
     * @ORM\Column(type="integer")
     */
    private $idcertificado;

    /**
     * @ORM\ManyToOne(targetEntity="Certificado", inversedBy="users")
     * @ORM\JoinColumn(name="idcertificado", referencedColumnName="id")
     */
    private $certificado;
    ....
And the Certificado entity:
namespace AppBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Doctrine\Common\Collections\ArrayCollection;

/**
 * certificado
 *
 * @ORM\Table(name="certificado")
 * @ORM\Entity(repositoryClass="AppBundle\Repository\CertificadoRepository")
 */
class certificado
{
    /**
     * @ORM\OneToMany(targetEntity="User", mappedBy="certificado")
     */
    private $users;

    public function __construct()
    {
        $this->users = new ArrayCollection();
    }
    ....
The controller to create a new user is:
public function newAction(Request $request)
{
    $user = new User();
    $form = $this->createForm('AppBundle\Form\UserType', $user);
    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        $encoder = $this->container->get('security.password_encoder');
        $encoded = $encoder->encodePassword($user, $user->getPassword());
        $user->setPassword($encoded);
        $user->setUsername($user->getEmail());
        $user->setRol('admin'); // This is only the user role

        $em = $this->getDoctrine()->getManager();
        $em->persist($user);
        $em->flush($user);

        return $this->redirectToRoute('user_show', array('id' => $user->getId()));
    }

    return $this->render('user/new.html.twig', array(
        'user' => $user,
        'form' => $form->createView(),
    ));
}
The form is:
namespace AppBundle\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;

class UserType extends AbstractType
{
    /**
     * {@inheritdoc}
     */
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('username')
            ->add('password', PasswordType::class)
            ->add('email', EmailType::class)
            ->add('isActive')
            ->add('idcertificado', ChoiceType::class, array(
                'choices' => array(
                    'Seleccione el rol' => null,
                    'Basico' => 1,
                    'Avanzado' => 2,
                )));
    }
}
When saving, idcertificado comes through as null. I do not understand why. This only happens to me with this one; with the relationship of a normal entity it does not happen.
I'm learning pentesting with the book "Violent Python" (highly recommended) and one of the exercises is to generate a script to brute force a ZIP file encrypted with a password.
The script works very well with ZIP 2.0 (portable) encryption (the 128-bit AES and 256-bit AES algorithms are more secure and take longer to find the password). The issue is that not only does it quickly find the password when using a dictionary, it also finds more than one valid password. I don't understand this and I need to know why it happens.
The code used is the following:
ZIP file encrypted with the password: yoda
TXT file with 2300 single words
Script used:
# Python 2 script (from the Violent Python exercise)
import zipfile
from threading import Thread


def extractFile(zFile, password):
    try:
        zFile.extractall(pwd=password)
        print '[+] Found password ' + password + '\n'
    except:
        # any exception raised by extractall (wrong password, etc.) is swallowed
        pass


def main():
    zFile = zipfile.ZipFile('archivo.zip')
    passFile = open('passwords.txt')
    for line in passFile.readlines():
        password = line.strip('\n')
        # one thread per candidate password, all sharing the same ZipFile object
        t = Thread(target=extractFile, args=(zFile, password))
        t.start()


if __name__ == '__main__':
    main()
Result
>>>
[+] Found password Carrie
[+] Found password cocacola
[+] Found password eagle1
[+] Found password jean
[+] Found password panda
[+] Found password Grover
[+] Found password cfi
[+] Found password beautifu
[+] Found password yoda <- I put it at the end of the dictionary
>>>
As you can see, it finds more than one password and worst of all, all these passwords work. That is, it is possible to decrypt the ZIP file with any of these passwords.
In order to investigate further, the questions are:
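Why the header check alone lets several wrong passwords through, as an added example (editor's constructed demo code, not from the question above or from Violent Python): a ZIP 2.0 "ZipCrypto" entry starts with a 12-byte encryption header whose last decrypted byte must match a single check byte (the high byte of the entry's CRC-32, or of its modification time), so about 1 in 256 wrong passwords passes that test, which for a 2300-word list is roughly 9 hits, consistent with the output above; only decrypting the payload and verifying its CRC-32 confirms the real password. The cipher follows the PKWARE key schedule in APPNOTE.TXT; make_entry, triage and the wordlist values are constructed for the demo.

```python
import os
import zlib

def _crc(crc, byte):
    """One raw CRC-32 table step (no pre/post inversion), as the key schedule uses it."""
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class ZipCrypto:
    """Traditional PKWARE stream cipher (APPNOTE.TXT 6.1); constructed demo code."""
    def __init__(self, password):
        self.k = [0x12345678, 0x23456789, 0x34567890]   # fixed initial keys
        for c in password:
            self._update(c)

    def _update(self, p):              # keys advance on each *plaintext* byte
        k = self.k
        k[0] = _crc(k[0], p)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc(k[2], k[1] >> 24)

    def _keystream(self):
        t = (self.k[2] | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def crypt(self, data, decrypt):
        out = bytearray()
        for b in data:
            x = b ^ self._keystream()  # plaintext if decrypting, ciphertext if encrypting
            self._update(x if decrypt else b)
            out.append(x)
        return bytes(out)

def make_entry(password, plaintext):
    """Constructed entry: 11 random header bytes, the check byte, then the payload."""
    crc = zlib.crc32(plaintext)
    header = os.urandom(11) + bytes([crc >> 24])   # ZIP 2.0 check byte: CRC high byte
    return ZipCrypto(password).crypt(header + plaintext, decrypt=False), crc

def check_byte_passes(blob, crc, candidate):
    """The cheap test zipfile.open() and naive crackers use: ~1 in 256 wrong guesses pass."""
    return ZipCrypto(candidate).crypt(blob[:12], decrypt=True)[11] == crc >> 24

def crc_passes(blob, crc, candidate):
    """The real test: decrypt the payload and compare its CRC-32 with the stored value."""
    return zlib.crc32(ZipCrypto(candidate).crypt(blob, decrypt=True)[12:]) == crc

def triage(blob, crc, candidates):
    """Split a wordlist into check-byte hits and the subset the CRC actually confirms."""
    hits = [c for c in candidates if check_byte_passes(blob, crc, c)]
    return hits, [c for c in hits if crc_passes(blob, crc, c)]
```

The extra "passwords" in the question's output therefore pass the header check but do not decrypt the archive to its real contents, and this weak one-byte verification is one reason current archivers default to AES for password-protected entries.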