Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
That's a really good explanation as it helped me understand the actual process that occurs. I'd say its a fair assumption that since epic isn't offering the service, that it would be in the best interest to keep release at the same time. I think of course that also allows for the skeptical people to think it might increase returns if say steam users started discussing any problems since they could access it first and make EGS owners refund. I wouldn't go that far because honestly, that's exactly how corporate would think even if the game is pure magic. So it's most logical that it's just an issue of lining up access as tight as possible due to what you said.
Under the Steam preload system, ALL ALL ALL of the distribution is encrypted. It's all just a big blob of files that when accessed appears to be random noise - because it is 100% encrypted. IIRC the encryption key is AES-256, which is very strong standards-based algorithm and is highly-resistant to cracking. It is the fact that the entire distribution is encrypted, that causes the noticeable delay during which decryption happens when the key is distributed for a large game release.
The people who design these preload encryption systems understand what they are protecting, and they know that their job is not just to prevent the game from being played, but also is to prevent the assets of the game from being datamined. Preventing datamining is not an afterthought, it is a primary requirement.
THEORETICALLY, everything can be cracked. But in this particular circumstance, the encrypted data is only available for typically 24 or 48 hours until the decryption key is freely distributed. So the only impactful crack would require the encryption to be cracked during that 24 to 48 hour window.
Is it possible that a nation-state has adequate resources to perform a crack of AES-256 in 24 to 48 hours? It's "possible", although we don't see our own intelligence agencies sounding the alarm about use of AES-256 that would certainly be sounded if our intelligence agencies thought that AES-256 could be cracked in 24 to 48 hours by a nation-state.
If a nation-state would have trouble doing it, any group other than a nation-state would take many orders of magnitude longer to pull-off the same crack. Nation-states can spend billions of dollars to build capability. A criminal organization is not able to make such expenditures (because doing so causes too large of a footprint, bringing law enforcement to the door of their data center, closing them down and arresting them).
The most effective way to crack the encryption in that period of time would likely be to try to use a crowbar - find somebody at Steam who has access to the encrypted-release pipeline, and hit them with a crowbar. However, such an encrypted-release pipelines likely use key protection hardware that requires multiple people to present their credentials in order to release a key. So the approach would be, kidnap somebody from Steam, and hold that person ransom for the decryption key, forcing Steam to release the decryption key in order to get the kidnapped person released.
Your "theoretically" exists ONLY in theory. Out here in the real world, the odds against it are so stacked, it's "impossible".
Is it possible that a nation-state has adequate resources to perform a crack of AES-256 in 24 to 48 hours? It's "possible", although we don't see our own intelligence agencies sounding the alarm about use of AES-256 that would certainly be sounded if our intelligence agencies thought that AES-256 could be cracked in 24 to 48 hours by a nation-state.
If a nation-state would have trouble doing it, any group other than a nation-state would take many orders of magnitude longer to pull-off the same crack. Nation-states can spend billions of dollars to build capability. A criminal organization is not able to make such expenditures (because doing so causes too large of a footprint, bringing law enforcement to the door of their data center, closing them down and arresting them).
The most effective way to crack the encryption in that period of time would likely be to try to use a crowbar - find somebody at Steam who has access to the encrypted-release pipeline, and hit them with a crowbar. However, such an encrypted-release pipelines likely use key protection hardware that requires multiple people to present their credentials in order to release a key. So the approach would be, kidnap somebody from Steam, and hold that person ransom for the decryption key, forcing Steam to release the decryption key in order to get the kidnapped person released.
Your "theoretically" exists ONLY in theory. Out here in the real world, the odds against it are so stacked, it's "impossible". [/quote]
What games have been impossible to crack?
The question is, what games' preload encrypted distributions were cracked AFTER their preload started, but BEFORE their release date when the keys were freely distributed?
I can't honestly answer that question, because I don't have enough visibility into the modding and criminal organizations who attempt to perform such cracks, nor do I have visibility into the publisher and provider organizations.
What I can say, is that the Steam developers DO have enough visibility into that environment, to know whether their preload distribution system is secure against the threat of cracks during the preload window.
If cracks were meaningfully happening, then the various publishers who use the preload system on Steam would get an indication it is happening. They would see social media traffic about people playing the game early, or they would see social media traffic about people putting out information mined from the distribution. If nobody is using the information they are theoretically datamining, then why are they even bothering to try to crack the distribution at all? They can just wait until release. So there WILL be signals about the crack having happened, because the entire point of even attempting such cracks is to be able to make enough waves to generate some form of profit from the crack - profit, whether money or social capital, means being loud.
The publishers in aggregate would see indications that the preload system is not secure, and they would talk to the Steam developers about it. The Steam developers would then be forced to find ways to improve their preload distribution - if the preload distribution isn't secure, then Steam as a platform is injured because they can't offer that option to publishers.
Under this analysis, we see that if the preload distribution system is not secure, Steam would not be offering it - to do so would be to sell a defective product to their publishers who use their platform. Steam is a very mature (and profitable!) platform. To have survived and grown to this point, means they are not an amateur organization. As with anybody, they can make mistakes, but as a mature organization, they will accept their mistakes and will work diligently to correct them - because they are profitable, and to stay profitable, they need to continue to manage themselves well.
You might as well give up as GSC has already stated that there will not be a preload.
Mol1t, a GSC employee confirming this in the official STALKER Discord [discord.com]
Its not gonna happen.