Cherry Aug 22, 2018 @ 11:22am
How good is the encryption for steam client?
Just moved into my dorm room and there is an ethernet hookup in the wall, and the college I'm at blocks VPNs so that is out of the question. I'm wondering if someone could sniff packets from the steam client with a program, such as wireshark, and take control of my account. It may not be worth "a lot of money" but it's still a pretty penny to me and I would rather not get hacked just because I wanted a better education.

If people weren't jerks then this wouldn't be a problem.
Last edited by Cherry; Aug 22, 2018 @ 11:23am
< blank > Aug 22, 2018 @ 11:27am 
Download the steam app onto your phone, if you're worried about them accessing your phone through school wifi, don't connect to school wifi
So there is a cable?
Someone needs to get in that cable and steam must send the data in plain text for any reason?
Satoru Aug 22, 2018 @ 4:01pm 
No

When you log into steam

1) the page is in HTTPS so you’d have to crack that
2) steam goes one step further and encrypts the password BEFORE it hits the HTTPS tunnel. This is the main reason why Steam was not vulnerable to the Heartbleed exploit

So someone in your dorm not only has to be sitting on an undisclosed TLS 1.2 exploit that is easily worth several million dollars on the black market, but is also an encryption genius too.

And is using them to steal Steam accounts? As opposed to like maybe cleaning out every bank on the planet

The answer is: no someone cannot get your credentials even if they’re sniffing all the traffic on your port.
Crashed Aug 22, 2018 @ 4:30pm 
Did your school force you to install a root certificate? If so, consider your connections compromised.
Cherry Aug 22, 2018 @ 5:25pm 
Originally posted by Crashed:
Did your school force you to install a root certificate? If so, consider your connections compromised.
No, they just block me from buying VPNs. I don't think porn sites or whatever are banned but for some reason VPNs are.
Crashed Aug 22, 2018 @ 5:45pm 
Originally posted by Cherry:
Originally posted by Crashed:
Did your school force you to install a root certificate? If so, consider your connections compromised.
No, they just block me from buying VPNs. I don't think porn sites or whatever are banned but for some reason VPNs are.
VPN services are often used for illegal purposes, so this might be a reason there.
Cherry Aug 22, 2018 @ 6:29pm 
Originally posted by Crashed:
Originally posted by Cherry:
No, they just block me from buying VPNs. I don't think porn sites or whatever are banned but for some reason VPNs are.
VPN services are often used for illegal purposes, so this might be a reason there.
Yeah but I would use it for privacy. It's not really a big deal if I'm safe enough without one.
Crashed Aug 22, 2018 @ 6:31pm 
Originally posted by Cherry:
Originally posted by Crashed:
VPN services are often used for illegal purposes, so this might be a reason there.
Yeah but I would use it for privacy. It's not really a big deal if I'm safe enough without one.
For just browsing (don't try to log in to Steam with it) have you tried Tor browser? It may be slow but it is free and the browser is designed to "forget" everything when you close it. If it works, you can even use the SOCKS proxy provided by the Tor client to tunnel pretty much anything TCP/IP.
Satoru Aug 22, 2018 @ 6:47pm 
Originally posted by Crashed:
Did your school force you to install a root certificate? If so, consider your connections compromised.

Having a root certificate doesn't compromise the connection unless the attacker has access to the proxy where the decryption happens and has the private key. This would only be accessible to admins of the system and not any run of the mill users happening to be on the same network

Even if a corrupted sysadmin was viewing decrypted ssl packets on the ssl concentrator, your account cannot be compromised

https://steamcommunity.com/discussions/forum/1/558753803871262454/#c558753803906627297

Steam already encrypts your password BEFORE it hits the wire. Thus even under the scenario of a corrupt sysadmin, they cannot view your password unless again this sysadmin somehow can break RSA 1024 bit encryption on the password
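
Editor's note, added to the thread: the post above describes encrypting the password with RSA before it enters the HTTPS tunnel. The Node.js sketch below is an added illustration, not Steam's code; the 2048-bit key, the OAEP padding and all names are assumptions. It shows only what a TLS-terminating proxy would see in the password field of the decrypted request.

```javascript
// Added illustration; not Steam's code. Key size and padding are assumptions.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server (hypothetical): holds the private key, publishes the public key.
function makeServerKey() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: encrypt the password before it is placed in the HTTPS request body.
function clientEncryptPassword(publicKey, password) {
  const ct = crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(password, 'utf8'));
  return ct.toString('base64');
}

// What a TLS-terminating proxy sees after removing the HTTPS layer.
function proxyView(username, encryptedPassword) {
  return JSON.stringify({ username, password: encryptedPassword });
}

// Server: recover the password with the private key.
function serverDecryptPassword(privateKey, b64) {
  const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(b64, 'base64'));
  return pt.toString('utf8');
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample value
  const { publicKey, privateKey } = makeServerKey();
  const first = clientEncryptPassword(publicKey, password);
  const second = clientEncryptPassword(publicKey, password);
  const logged = proxyView('cherry_example', first); // constructed username
  return {
    plaintextVisibleToProxy: logged.includes(password),
    ciphertextsDiffer: first !== second, // randomized padding: no stable value to compare
    serverRecovers: serverDecryptPassword(privateKey, first) === password,
  };
}

console.log(demo());
```
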
The author of this thread has indicated that this post answers the original topic.
Satoru Aug 22, 2018 @ 6:49pm 
Originally posted by Cherry:
Originally posted by Crashed:
VPN services are often used for illegal purposes, so this might be a reason there.
Yeah but I would use it for privacy. It's not really a big deal if I'm safe enough without one.

Your account cannot be compromised by using it on a non-secure network (which by definition is basically everywhere). You are no less safe on that network than you are using it at Starbucks.
Crashed Aug 23, 2018 @ 2:03am 
Originally posted by Satoru:
Originally posted by Crashed:
Did your school force you to install a root certificate? If so, consider your connections compromised.

Having a root certificate doesn't compromise the connection unless the attacker has access to the proxy where the decryption happens and has the private key. This would only be accessible to admins of the system and not any run of the mill users happening to be on the same network

Even if a corrupted sysadmin was viewing decrypted ssl packets on the ssl concentrator, your account cannot be compromised

https://steamcommunity.com/discussions/forum/1/558753803871262454/#c558753803906627297

Steam already encrypts your password BEFORE it hits the wire. Thus even under the scenario of a corrupt sysadmin, they cannot view your password unless again this sysadmin somehow can break RSA 1024 bit encryption on the password
Actually a network administrator could force you to install a root so their systems can intercept your TLS connections. OP mentioned using the dorm room ethernet connection.

Date Posted: Aug 22, 2018 @ 11:22am
Posts: 11