(is that the correct plural of Starium?) http://www.tactronix.com/s100.htm NOW TAKING PRE-ORDERS FOR DELIVERY IN DECEMBER 2001/JANUARY 2002 Very Limited Quantity Available A 50% Deposit Will Reserve Your Units Today!! 1-10 Units $995 USD Each 11-20 Units $936 USD Each 21-50 Units $884 USD Each 51 Units+ Call For Price What do people here think of this? My initial thoughts are: Pros: 1. Voice encryption is great. It's the Last Great Encryption Taboo (the other is file encryption, but that's not nearly as taboo as voice). I'm glad to see something on the market which addresses this. Obviously, all traffic, including saying hi to grandma, should be encrypted. 2. The unit looks very easy to use. I could travel anywhere in the world with it (well, anywhere that it's legal) and plug it in and press one button and it works. That's great. Cons: 1. I would like to see an open source reference software implementation, or some way to verify that there are no "naughty bits" in this thing. I know, open source isn't much of a business model, but with encryption products, it seems almost essential. 2. It's expensive. It costs more than a PC. However, $2k for two units is small compared to the value of data it could be securing, so for many users, the price will be fine. 3. A minor nitpick: It uses 3DES. What's wrong with AES? I think I would like to buy some of them, but I can't decide if I want to be an early adopter, or wait for cheaper and better versions to come out.
"Dr. Evil" wrote:
What do people here think of this? My initial thoughts are:
Cons:
<<1, 2, 3 snipped>> 4. It may be made illegal. Terrorists, money launderers, and paedophiles use them, you know.
I think I would like to buy some of them, but I can't decide if I want to be an early adopter, or wait for cheaper and better versions to come out.
If money isn't a major issue, get some now. Help convince the manufacturer that there's a consumer market. Thank you for paving the way and making it cheaper for the rest of us. <grin> -- Steve Furlong Computer Condottiere Have GNU, Will Travel 617-670-3793 "Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." -- Plato
At 03:06 AM 10/23/2001 +0000, Dr. Evil wrote:
(is that the correct plural of Starium?) http://www.tactronix.com/s100.htm NOW TAKING PRE-ORDERS FOR DELIVERY IN DECEMBER 2001/JANUARY 2002 Very Limited Quantity Available
Yee-hah! I'm glad that finally got worked out!
2. The unit looks very easy to use. I could travel anywhere in the world with it (well, anywhere that it's legal) and plug it in and press one button and it works. That's great.
Well, anywhere the phone jacks and dialing standards are compatible. You probably want to stop at Fry's or some overpriced airport shop and get a collection of different shaped phone jacks and alligator clips, if you're taking them to places with Funky Phone Standards.
Cons: 1. I would like to see an open source reference software implementation, or some way to verify that there are no "naughty bits" in this thing. I know, open source isn't much of a business model, but with encryption products, it seems almost essential.
Depends on whether the fire sale includes intellectual property or just parts. That's certainly a call for companies in this line of work to (preferably) do a "read-only open source" if they're not doing real openness, or at minimum do a source code / design escrow.
3. A minor nitpick: It uses 3DES. What's wrong with AES?
At the time they started, AES wasn't finalized. The main negatives about 3DES are that it's slow and ugly, plus it takes a bit too much code space and needs 168bits of key, but it's incredibly thoroughly studied and everybody trusts it. And 2048-bit Diffie-Hellman provides plenty of key bits, and when you're doing voice at 4800-24000kbps ( = 600-3000 Bytes/sec), the encryption isn't your big horsepower consumer, compared to the voice compression, and even if you do compression in ASICs, you still need to keep enough CPU around to do the Diffie-Hellman in reasonable amounts of time and handle connection handshaking, so 3DES isn't any big strain.
I don't understand why one would pay $1000 for a Starium device when comparable devices are available in the market place for less than half of that. The design goal for the new Starium boxes was sub-$100 retail. I doubt that design goal was met, but I would not pay a penny over $350 for one device. Which will still leave the seller with a nice profit. --Lucky
-----Original Message----- From: owner-cypherpunks@lne.com [mailto:owner-cypherpunks@lne.com] On Behalf Of Dr. Evil Sent: Monday, October 22, 2001 8:06 PM To: cypherpunks@lne.com Subject: FINALLY! we can buy Staria
(is that the correct plural of Starium?)
http://www.tactronix.com/s100.htm
NOW TAKING PRE-ORDERS FOR DELIVERY IN DECEMBER 2001/JANUARY 2002
Very Limited Quantity Available
A 50% Deposit Will Reserve Your Units Today!!
1-10 Units $995 USD Each
11-20 Units $936 USD Each
21-50 Units $884 USD Each
51 Units+ Call For Price
What do people here think of this? My initial thoughts are:
Pros:
1. Voice encryption is great. It's the Last Great Encryption Taboo (the other is file encryption, but that's not nearly as taboo as voice). I'm glad to see something on the market which addresses this. Obviously, all traffic, including saying hi to grandma, should be encrypted.
2. The unit looks very easy to use. I could travel anywhere in the world with it (well, anywhere that it's legal) and plug it in and press one button and it works. That's great.
Cons:
1. I would like to see an open source reference software implementation, or some way to verify that there are no "naughty bits" in this thing. I know, open source isn't much of a business model, but with encryption products, it seems almost essential.
2. It's expensive. It costs more than a PC. However, $2k for two units is small compared to the value of data it could be securing, so for many users, the price will be fine.
3. A minor nitpick: It uses 3DES. What's wrong with AES?
I think I would like to buy some of them, but I can't decide if I want to be an early adopter, or wait for cheaper and better versions to come out.
I don't understand why one would pay $1000 for a Starium device when comparable devices are available in the market place for less than half
Do you have any references for those? I'm in the market for a voice encryptor system. Are these devices really comparable in terms of ease of use?
of that. The design goal for the new Starium boxes was sub-$100 retail. I doubt that design goal was met, but I would not pay a penny over $350 for one device. Which will still leave the seller with a nice profit.
Yeah, I remember they were supposed to be much cheaper. Perhaps they will drop the price later. I'm sure they didn't pick this number casually. If this is something that a lawyer would use to communicate with a client in criminal defense cases, or for government use, for instances, then $2k/pair might be a very reasonable price. It does price it out of the consumer market, but how big is the consumer market for these things, even if they are $100 each?
"Dr. Evil" wrote:
I don't understand why one would pay $1000 for a Starium device when comparable devices are available in the market place for less than half
Do you have any references for those? ...
of that. The design goal for the new Starium boxes was sub-$100 retail. I doubt that design goal was met, but I would not pay a penny over $350 for one device. Which will still leave the seller with a nice profit.
Declan reported on 1999/08/12 that Starium planned to sell them "by early 2000" for under US$100. (http://www.wired.com/news/print/0,1294,21236,00.html) A Google search on "telephone encryption" yields: http://www.tccsecure.com/csd4100.htm - no price http://www.thespystore.com/telefax.htm - $249 http://shop.store.yahoo.com/spytechagency/telscram.html - $260 http://www.tscm.com/stu.html - several models, over US$5000 And others in the over-US$1000 range. Few details on the devices, though some of them mention an algorithm. (Including one which claimed 128-bit triple-DES. I'm not sure what to make of that.) There were several other statements on some pages which may have indicated either security holes or cluelessness on the part of the writer, but more likely indicate cluelessness on my part. -- Steve Furlong Computer Condottiere Have GNU, Will Travel 617-670-3793 "Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." -- Plato
http://www.tccsecure.com/csd4100.htm - no price
Great, no price and uses the world-famous DACE algorithm from Bell Labs. Next!
One unit is a "scrambler" which boasts "52,488 code combinations!" The other uses "rolling code scrambling", which I assume is not digital. Next!
http://shop.store.yahoo.com/spytechagency/telscram.html - $260
It's another "scrambler" which doesn't list the algorithm and boasts "thousands of key combinations." I suspect that it is an analog scrambler, not a true encryptor. Next!
http://www.tscm.com/stu.html - several models, over US$5000
Right, the Secure Telephone Units use solid security design and good algorithms. They are expensive. STUs can be used for classified information and they can be bought TEMPEST-spec. I assume that either these things are restricted to government contractors only, or if they are available to anyone with a credit card, they come with a backdoor. So, I checked all the URLs you gave me, and none of them, except the STU, use real encryption, and the STUs are either not available, or they are backdoored. Starium is competing with STUs. Not only does Starium have a catchier name, but they are a fifth of the price of a STU, they are cooler looking, and one could argue that they are less likely to have a backdoor.
And others in the over-US$1000 range.
Right, so Starium is price-competitive, easier to use, and possibly more secure. Oh, and they will sell to anyone who has money, unlike the STU sellers, I assume. I think their initial market are customers such as law enforcement, criminal defense lawyers, and executives who might compare this with a STU, and for whom $1000 vs $100 is no big deal. Government and law enforcement will think it's cheap compared to STUs. It's not approved for classified data (AFAIK) but that might not be a problem for law enforcement work.
"Dr. Evil" wrote:
So, I checked all the URLs you gave me, and none of them, except the STU, use real encryption, and the STUs are either not available, or they are backdoored.
Starium is competing with STUs. ...
And others in the over-US$1000 range.
Right, so Starium is price-competitive, easier to use, and possibly more secure. Oh, and they will sell to anyone who has money, unlike the STU sellers, I assume.
I think their initial market are customers such as law enforcement, criminal defense lawyers, and executives who might compare this with a STU, and for whom $1000 vs $100 is no big deal. ...
We probably need to define the product category we're discussing. I was listing devices which prevent casual interception, and which Joe Average might conceivably buy. The Starium is obviously more robust than that, and consequently more expensive. You asked in a previous message about the market size. For casual stuff, tens or hundreds of thousands in the US, if the device is in the $100 range. For the serious stuff, I think you nailed the market pretty well. One or two orders of magnitude less, if the device is in the $1000 range. Those numbers both assume no government interference, of course. -- Steve Furlong Computer Condottiere Have GNU, Will Travel 617-670-3793 "Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." -- Plato
We probably need to define the product category we're discussing. I was listing devices which prevent casual interception, and which Joe Average might conceivably buy. The Starium is obviously more robust than that, and consequently more expensive.
Right, exactly. When Starium was first announced, people were excited because it sounded like we were going to get industrial-strength stuff at consumer prices. That isn't reality, and now they are going to sell industrial-strength stuff at industrial prices. There's no way a complicated all-digital public key crypto device can compete on price with made-in-China analog scramblers, which are basically toys. That is not a smart fight to pick because the consumer who is just playing around doesn't know the difference under the hood. I'm glad they did the smart thing on this.
You asked in a previous message about the market size. For casual stuff, tens or hundreds of thousands in the US, if the device is in the $100 range. For the serious stuff, I think you nailed the market pretty well. One or two orders of magnitude less, if the device is in the $1000 range. Those numbers both assume no government interference, of course.
Sounds reasonable to me. I hope they do well, but I'm not giving them money until the devices are actually shipping. I think they do have a good chance because law enforcement and private security demand for these things might be pretty good these days.
At 02:14 AM 10/25/2001 +0000, Dr. Evil wrote:
Right, exactly. When Starium was first announced, people were excited because it sounded like we were going to get industrial-strength stuff at consumer prices. That isn't reality, and now they are going to sell industrial-strength stuff at industrial prices. There's no way a complicated all-digital public key crypto device can compete on price with made-in-China analog scramblers, which are basically toys.
Analog shouldn't really be cheaper than digital these days. A digital cellphone with roughly the same parts costs ~$100, and includes radio parts as well. The big costs of a device like this are - amortizing development costs - packaging for smallness and cuteness - designing for low power use. A sound card costs $5, a modem costs $10, a PC104 card is $$25-50; you should be able to integrate them on a board for a similar cost, as long as you don't mind a somewhat slow public-key step (or paying to license elliptic-curve algorithms), and if you don't mind the power and space from general-purpose designs, i.e. a simple, ugly, AC-powered board like the never-finished "Harmless Little Project". Real designs would eliminate most of the inter-card glue, and cut down on unused interfaces, and eventually put stuff in ASICs. But you have to run enough volume to amortize the development costs. If you want to do off-the-shelf today, probably the easiest choice is to start with a Compaq iPaq - they're about $500, and burn batteries too fast to be really ideal, but they're fast enough (unlike Palm) and include audio hardware (don't know if it's full-duplex), and you can hang modems on them. Some of the scrambler descriptions sounded like they were digital, not analog, but still had wimpy homemade crypto. My memories of the device that used Bell Labs crypto algorithms are that it was *probably* the "commercial-sale-approved weak crypto" version of the STU-III that we did back in the late 80s, and if so it's weaker than DES, but I haven't actually seen it. (We did multiple versions on that platform - the STU-III used NSA-supplied crypto chips, the Federal-Unclassified-Use version used single-DES, and I don't remember if the commercial one was exportable or not.)
On Thu, Oct 25, 2001 at 12:35:19AM -0700, Bill Stewart wrote:
At 02:14 AM 10/25/2001 +0000, Dr. Evil wrote:
Right, exactly. When Starium was first announced, people were excited because it sounded like we were going to get industrial-strength stuff at consumer prices. That isn't reality, and now they are going to sell industrial-strength stuff at industrial prices. There's no way a complicated all-digital public key crypto device can compete on price with made-in-China analog scramblers, which are basically toys.
http://www.siliconvalley.com/docs/news/svfront/054988.htm -- We are the Copyright Police. Come out with your hands up. (Cut-n-paste is a circumvention device.) Mark W. Schumann asr
On Thu, Oct 25, 2001 at 01:31:34AM -0000, Dr. Evil wrote:
Right, so Starium is price-competitive, easier to use, and possibly more secure. Oh, and they will sell to anyone who has money, unlike the STU sellers, I assume.
Right. I have a pair of Starium betas. They work. I'd recommend them. But the problem is that the purchaseable product doesn't exist. I went down to Carmel a few months ago and checked out the company. I love the ideas and the tech, but I wouldn't expect to see a product in the very near future. -Declan
On Wed, 24 Oct 2001, Declan McCullagh wrote:
Right. I have a pair of Starium betas. They work. I'd recommend them.
But the problem is that the purchaseable product doesn't exist. I went down to Carmel a few months ago and checked out the company. I love the ideas and the tech, but I wouldn't expect to see a product in the very near future.
What's this then? http://www.tactronix.com/s100.htm -MW-
I don't understand why one would pay $1000 for a Starium device when comparable devices are available in the market place for less than half
According to some news I encountered, Microsoft's latest 'consumer' OS fnord "XP" includes an audio/visual live 'chat' app. Ignoring for the moment its closed nature, and the fact that you can't be secure if your OS isn't, it would be a fantastic project to add crypto to that app, *merely* on the basis of its widespread Joe Sixpack deployment. I have not calculated the MIPS requirements, but since the chat app runs (supposedly acceptably) at 56Kbaud one imagines there might be cycles to spare. Or that some users will endure the framerate drop if not. dh
On Wed, Oct 24, 2001 at 04:27:25PM -0700, Lucky Green wrote: | I don't understand why one would pay $1000 for a Starium device when | comparable devices are available in the market place for less than half | of that. The design goal for the new Starium boxes was sub-$100 retail. | I doubt that design goal was met, but I would not pay a penny over $350 | for one device. Which will still leave the seller with a nice profit. $249 is a magic price for consumer electronics, and I won't pay a penny over that. Not because it makes a huge difference to me, but I can't see them selling well enough to be widespread and have a network effect at $350. Adam | > -----Original Message----- | > From: owner-cypherpunks@lne.com | > [mailto:owner-cypherpunks@lne.com] On Behalf Of Dr. Evil | > Sent: Monday, October 22, 2001 8:06 PM | > To: cypherpunks@lne.com | > Subject: FINALLY! we can buy Staria | > | > | > (is that the correct plural of Starium?) | > | > http://www.tactronix.com/s100.htm | > | > NOW TAKING PRE-ORDERS FOR DELIVERY IN DECEMBER 2001/JANUARY 2002 | > | > Very Limited Quantity Available | > | > A 50% Deposit Will Reserve Your Units Today!! | > | > 1-10 Units $995 USD Each | > | > 11-20 Units $936 USD Each | > | > 21-50 Units $884 USD Each | > | > 51 Units+ Call For Price | > | > What do people here think of this? My initial thoughts are: | > | > Pros: | > | > 1. Voice encryption is great. It's the Last Great Encryption Taboo | > (the other is file encryption, but that's not nearly as taboo as | > voice). I'm glad to see something on the market which addresses | > this. Obviously, all traffic, including saying hi to grandma, | > should be encrypted. | > | > 2. The unit looks very easy to use. I could travel anywhere in the | > world with it (well, anywhere that it's legal) and plug it in and | > press one button and it works. That's great. | > | > Cons: | > | > 1. I would like to see an open source reference software | > implementation, or some way to verify that there are no "naughty | > bits" in this thing. I know, open source isn't much of a business | > model, but with encryption products, it seems almost essential. | > | > 2. It's expensive. It costs more than a PC. However, $2k for two | > units is small compared to the value of data it could be securing, | > so for many users, the price will be fine. | > | > 3. A minor nitpick: It uses 3DES. What's wrong with AES? | > | > I think I would like to buy some of them, but I can't decide | > if I want to be an early adopter, or wait for cheaper and | > better versions to come out. -- "It is seldom that liberty of any kind is lost all at once." -Hume
I happened to hear from Lee Caplin of Starium today. They've apparently (I'm looking at Lee's email message while typing this, but I don't wish to speak for them) abandoned plans to sell the bump-in-a-wire device. Now they're thinking of marketing a small RJ11'd cryptophone an executive would carry around. Also, Lee says Starium has filed for patents on a desk phone, answering machine and conference phone. -Declan On Tue, Oct 23, 2001 at 03:06:29AM -0000, Dr. Evil wrote:
(is that the correct plural of Starium?)
http://www.tactronix.com/s100.htm
NOW TAKING PRE-ORDERS FOR DELIVERY IN DECEMBER 2001/JANUARY 2002
Very Limited Quantity Available
A 50% Deposit Will Reserve Your Units Today!!
1-10 Units $995 USD Each
11-20 Units $936 USD Each
21-50 Units $884 USD Each
51 Units+ Call For Price
What do people here think of this? My initial thoughts are:
Pros:
1. Voice encryption is great. It's the Last Great Encryption Taboo (the other is file encryption, but that's not nearly as taboo as voice). I'm glad to see something on the market which addresses this. Obviously, all traffic, including saying hi to grandma, should be encrypted.
2. The unit looks very easy to use. I could travel anywhere in the world with it (well, anywhere that it's legal) and plug it in and press one button and it works. That's great.
Cons:
1. I would like to see an open source reference software implementation, or some way to verify that there are no "naughty bits" in this thing. I know, open source isn't much of a business model, but with encryption products, it seems almost essential.
2. It's expensive. It costs more than a PC. However, $2k for two units is small compared to the value of data it could be securing, so for many users, the price will be fine.
3. A minor nitpick: It uses 3DES. What's wrong with AES?
I think I would like to buy some of them, but I can't decide if I want to be an early adopter, or wait for cheaper and better versions to come out.
I happened to hear from Lee Caplin of Starium today. They've apparently (I'm looking at Lee's email message while typing this, but I don't wish to speak for them) abandoned plans to sell the bump-in-a-wire device. Now they're thinking of marketing a small RJ11'd cryptophone an executive would carry around. Also, Lee says Starium has filed for patents on a desk phone, answering machine and conference phone.
I understand their original reasons for the bump-in-the-wire model, but I'm glad to hear they are making a cryptophone, because I don't really want to have some other device there. I want it integrated. I'll wait to see what they come out with. Another thing that would be even more cool would be a cordless phone. I will certainly buy these things when they are shipping them, if they are somewhere in the $1000 range.
participants (9)
-
Adam Shostack -
Bill Stewart -
David Honig -
Declan McCullagh -
Dr. Evil -
Heinz-Juergen 'Tom' Keller -
Lucky Green -
Meyer Wolfsheim -
Steve Furlong