Starium (was Re: article: german secure phone)

codehead at ix.netcom.com codehead at ix.netcom.com
Mon Jun 4 14:44:03 EDT 2001 

On Mon, 4 Jun 2001 10:21:06 -0700 (PDT), Bram Cohen <bram at gawth.com> 
wrote:

> On 4 Jun 2001, Perry E. Metzger wrote:
> 
> > I was unaware that Starium has ever released a product to be
> > compatible with, and a quick glance at their web site fails to reveal
> > products for sale. Am I mistaken on this? I would very much like to
> > buy their products if they existed...
> 
> I heard from an investor that they decided the first box was 'not secure
> enough' and spent a bunch more time and money building the second mox,
> which makes it harder to do physical snooping at either end, as a result
> of which they haven't shipped a product and are now imploding.
> 
> Said investor was quite insistent that not shipping the first model was
> necessary for security reasons. How not shipping enhances security I don't
> understand.
> 
> I'd have bought the first box (phone -> device -> regular phone jack,
> green light comes on if encrypted) if it had shipped for under
> $50. Hopefully someone will start selling them some day.
> 
> I *wouldn't* have bought the second one, since it wouldn't work with
> cordless phones, and frankly, I just don't care that much.

In the spring of 1999, at the request of a VC, I went to a garage. 
com meeting where one of the Starium versions was demonstrated.  At 
the time it was "a bump in the line" version, but instead of having a 
"green light" indicator, there was a 4-digit LCD display.

Eric Blossom said that the display showed the last four digits of the 
Diffie-Hellman key that was negotiated at the start of conversation.  
The participants in the conversation could read the digits off and 
confirm that there had not been a MITM attack.

An LED "encryption" indicator cannot give a clue as to whether such 
an attack has occurred.  However, I don't see how either an LED or a 
LCD display can defeat a physical attack where the board/chip(s) in 
the unit itself are replaced.

But I don't think this revision was necessarily what killed Starium's 
device.  The VC that I did the review for said that one of Starium's 
people told him that they really didn't intend to manufacture the 
device, but wanted to sell out the company to some large outfit that 
would.  Apparently no company wanted to pick them up at whatever 
price they were asking.

The rumor going around VC circles is that Starium burned through four 
megabucks before imploding.  As of spring, 1999, I believe that 
they'd already gone through almost half of that.

Too bad.  At their presentation, Starium execs said that they thought 
that the "bump in the line" model would sell for "under $100," and 
ASICs for cell phones could be manufactured in quantity for as little 
as $5 a pop.

Emily Sandblade




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list