You are reading a single comment by @allObjects and its replies.
Click here to read the full conversation.
Espruino is a JavaScript interpreter for low-power Microcontrollers. This site is both a support community for Espruino and a place to share what you are working on.
@allObjects
It all depends what you want to protect.... and as clearly stated, if you can get physically your hands on a piece of hardware and it is running, due diligence will get anyone what they want.
For 'normal' security -protecting gathered data, for example - with the device not under power anymore, there are ways even with current means: the device asks over secure connection - as you mention - for the password and keeps it in volatile RAM, encrypts the data with it and stores it in a Flash EEPROM. Just make sure no phishing happens when credentials are exchanged (and the electronics cannot be unintendedly accessed). Using asymmetric encryption - with the public key - would make sure that it is practically impossible to get the content. The device can even retrieve that key over a connection, just authenticity of the source has to be guaranteed.