Tất cả thảo luận > Diễn đàn Steam > Help and Tips > Chi tiết chủ đề
Chủ đề này đã bị khoá
ger.Illuminat[um] 7 Thg05, 2015 @ 8:29am
Steam safe for brute force?
Hi!
I just had a curious discussion with someone who desperately needed to know my actual steamaccount name.
My question is simple: Is it possible with help of a brute force attack to get into someone's steam account? Or is it somehow protected?
I use a pretty strong password in my opinion; 10 alphabetical, 2 capital the rest small, 2 Numbers and one special character and also Steamguard.
Could this someone potentially get into my account just with the known accountname?
I know there was once a possibility to get into an SteamGuard-protected account via a cr4cked steam.dll which injected itself somehow or something.
Am I safe?

Thanks!
greetings
< >
Đang hiển thị 1-15 trong 21 bình luận
Jony 7 Thg05, 2015 @ 8:30am 
лол
#1
Cathulhu 7 Thg05, 2015 @ 8:39am 
While Bruteforce is technically possible, Valve implemented safeguards against that. For example, if you enter a wrong password three times the account gets locked for 15 minutes.
That gives you only 20 tries an hour, 480 a day, 14400 a month.
Sounds much, but if you take into consideration that a password with 8 letters can have about 3.026×10^15 different combinations it would take quite some time to try all possible combinations, about 94.5 years to be exact.
I'm pretty sure Valve would notice a bruteforce attempt in way less than a week and take additional actions to protect the account.
Lần sửa cuối bởi Cathulhu; 7 Thg05, 2015 @ 8:40am
#2
ImmortalMan#GFS 7 Thg05, 2015 @ 8:42am 
м м
#3
Muppet among Puppets 7 Thg05, 2015 @ 8:43am 
Nguyên văn bởi ger.Illuminatum:
Hi!
I just had a curious discussion with someone who desperately needed to know my actual steamaccount name.
What was the "reason"?


See it that way: Your email address shows its account name all the time. So to say.
Do you think your email is unsafe after someone knows your email address?
#4
76561198016353073 7 Thg05, 2015 @ 8:44am 
help
#5
pdlzera 7 Thg05, 2015 @ 8:49am 
Vai Corinthians !!
#6
ger.Illuminat[um] 7 Thg05, 2015 @ 9:11am 
Hey!
Thank you all for your quick answers.

Nguyên văn bởi Cathulhu:
While Bruteforce is technically possible, Valve implemented safeguards against that. [...]
I'm pretty sure Valve would notice a bruteforce attempt in way less than a week and take additional actions to protect the account.
Okay, thanks!


Nguyên văn bởi Muppet among Puppets:
What was the "reason"?
I bought a Bioshock Key and it was already activated ._. I bought quite a few games and was never unhappy with this shop (a German shop, no chineese one or someting) and the support wanted picture proof of me typing in the key while seeing a list of my games (to see if it wasn't already activated or something, don't know). So I blacked out my accountname in the top right and the support didn't allow that as a proof, because the picture was obviosly edited.
Nguyên văn bởi Muppet among Puppets:
Do you think your email is unsafe after someone knows your email address?
Hm, that's quite an interesting comparison, I never thought of that.
Okay, I think as long they don't ask for my password to test if THEY could avtivate the key theirselves I have not much to fear :D
Thanks alot!

greetings
#7
NyaGPT 1 Thg08, 2015 @ 3:21pm 
What if someone knows your pass or that of a vualve empleye *cough* gaben *caugh* cuase he/she published it and manages to break in is that there or gaben fault:Nepgear:
Lần sửa cuối bởi NyaGPT; 1 Thg08, 2015 @ 3:22pm
#8
Cathulhu 1 Thg08, 2015 @ 3:25pm 
Valve does not safe passwords on their servers. No one with more than half a brain does that. You only safe hashes of passwords and SALT them so that even if someone obtains that data, he almost certainly can not use it, unless he spends half an eternity removing the SALT and reverse calculating the hash, both would take a very, very long time.

Unless you are utterly moronic like Sony and safe them in plain text.

For reference:
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Salt_%28cryptography%29
#9
NyaGPT 1 Thg08, 2015 @ 3:26pm 
Nguyên văn bởi Cathulhu:
Valve does not safe passwords on their servers. No one with more than half a brain does that. You only safe hashes of passwords and SALT them so that even if someone obtains that data, he almost certainly can not use it, unless he spends half an eternity removing the SALT and reverse calculating the hash, both would take a very, very long time.

Unless you are utterly moronic like Sony and safe them in plain text.

For reference:
https://en.wikipedia.org/wiki/Hash_function
https://en.wikipedia.org/wiki/Salt_%28cryptography%29
still what if some1 hacks gaben
#10
Cathulhu 1 Thg08, 2015 @ 3:28pm 
At one time Gabe Newell gave away his Steam account name and passwords intentionally and still no one was able to enter his account:
http://www.escapistmagazine.com/forums/read/7.268638-Gabe-Newell-Gives-Away-Personal-Steam-Password
No one was able to enter it anyway.
Valve is not stupid.
Lần sửa cuối bởi Cathulhu; 1 Thg08, 2015 @ 3:29pm
#11
Tev 1 Thg08, 2015 @ 3:33pm 
Out of normal breaching, if put into numbers.

Unless things have changed much from 2011, it uses AES-256.

A 256bit encryption is the mathematical equivalent of 2^256 key possibilities. To put that into perspective, 2^32 is about 4.3 billion, and it keeps growing exponentially after that. What does this mean though? Well simply put, let’s say hypothetically all the super computers in the world (the ultimate brute force attack) decided to group up and tasked themselves to decrypt your AES-256 key so they could access your data. Assume they could look at 2^50 keys per second (which is approximately one quadrillion keys/second – a very generous assumption). A year is approximately 31,557,600 seconds. This means that by using the one billion super computers required to do this, they could check about 2^75 keys per year. At this rate it would take these computers 2^34 years (the age of our universe) to look at less than .01% of the entire key possibilities.
Lần sửa cuối bởi Tev; 1 Thg08, 2015 @ 3:34pm
#12
NyaGPT 1 Thg08, 2015 @ 3:46pm 
Nguyên văn bởi Cathulhu:
At one time Gabe Newell gave away his Steam account name and passwords intentionally and still no one was able to enter his account:
http://www.escapistmagazine.com/forums/read/7.268638-Gabe-Newell-Gives-Away-Personal-Steam-Password
No one was able to enter it anyway.
Valve is not stupid.
i got as far as the steam guard screen XD
but dont tell gaben i did:compa:
#13
El Cactus 1 Thg08, 2015 @ 4:07pm 
:x
#14
baajimyriam 1 Thg08, 2015 @ 4:07pm 
Even on 2004 brute force was useless.
#15
< >
Đang hiển thị 1-15 trong 21 bình luận
Mỗi trang: 1530 50

Tất cả thảo luận > Diễn đàn Steam > Help and Tips > Chi tiết chủ đề
Ngày đăng: 7 Thg05, 2015 @ 8:29am
Bài viết: 21
Tạo một thảo luận mới

Quy định & Hướng dẫn thảo luận