Nobody has really given any counterargument to the math I have provided. I gave different probability scenarios that should give some kind of hints. It's true that:
- If you prove that brute-forcing through all password combinations takes 1000000 years, how likely is it that someone can optimize the algorithm by 99.9999% so that the calculation is done in reasonable time?
- You don't have to brute-force the full range of random words, just up until the first match. You may be lucky sooner or later.
- If no salt is involved, you can use many optimizations like premade lists that guess by ignoring unlikely words like aaa*, bbg* and so forth. There can be a lot more optimizations I don't know about.
- If hackers get to know the salt algorithm, they wouldn't need to go through all 128-256 lengths, but the usual 8-10 char lengths that are unsalted passwords.

This wasn't Steam talk now. There is nothing to discuss about it as long as we have no details on how their systems work. In general, if hackers get access to passwords, it's the fault of other things. Low security systems. Most hacked sites that get news popularity probably had their passwords stored as plaintext. A properly encrypted system is truly unbreakable; there are just too many web hosters that make errors in one thing or another. It is tough to protect against all possible attacks, but that is a different topic.

It is that you make encryption sound as breakable as a cookie that makes me defend it so heavily. To give another simple example, if I keep a 256-bit XOR key for text to myself, how would you be able to crack the text? Nobody could, in a million years.