Someone needs to get in that cable and steam must send the data in plain text for any reason?
When you log into steam
1) the page is in HTTPS so you’d have to crack that
2) steam goes one step further and encrypts the password BEFORE it hits the HTTPS tunnel. This is the main reason why Steam was not vulnerable to the Heartbleed exploit.
So someone in your dorm not only has to be sitting on an undisclosed TLS 1.2 exploit that is easily worth several million dollars on the black market, but is also an encryption genius too.
And is using them to steam accounts? As opposed to like maybe cleaning out every bank on the planet
The answer is: no, someone cannot get your credentials even if they’re sniffing all the traffic on your port.
Having a root certificate doesn’t compromise the connection unless the attacker has access to the proxy where the decryption happens and has the private key. This would only be accessible to admins of the system and not any run of the mill users happening to be on the same network.
Even if a corrupted sysadmin was viewing decrypted ssl packets on the ssl concentrator, your account cannot be compromised
https://steamcommunity.com/discussions/forum/1/558753803871262454/#c558753803906627297
Steam already encrypts your password BEFORE it hits the wire. Thus even under the scenario of a corrupt sysadmin, they cannot view your password unless again this sysadmin somehow can break RSA 1024 bit encryption on the password
Your account cannot be compromised by using it on a non-secure network (which by definition is basically everywhere). You are no less safe on that network than you are using it at Starbucks.