It all depends what you want to protect.... and as clearly stated, if you can get physically your hands on a piece of hardware and it is running, due diligence will get anyone what they want.
For 'normal' security -protecting gathered data, for example - with the device not under power anymore, there are ways even with current means: the device asks over secure connection - as you mention - for the password and keeps it in volatile RAM, encrypts the data with it and stores it in a Flash EEPROM. Just make sure no phishing happens when credentials are exchanged (and the electronics cannot be unintendedly accessed). Using asymmetric encryption - with the public key - would make sure that it is practically impossible to get the content. The device can even retrieve that key over a connection, just authenticity of the source has to be guaranteed.
© Espruino, powered by microcosm.
Report a problem