Commit 7bc4522

README: Secure Element
1 parent 6ff96c7 commit 7bc4522

1 file changed: +9 -7 lines changed

README.md

Lines changed: 9 additions & 7 deletions
@@ -171,13 +171,14 @@ Alternatively, you can store the seed file elsewhere, but it is best to let the
171171

172172
## 🛡️ Security
173173

174-
As a precaution, it is crucial to note that an individual with physical access to the device may potentially be able to compromise it, given sufficient time and effort.
175-
174+
It's important to remember that if someone has physical access to the device, they may be able to compromise it with enough time and effort. However, even if the device is compromised, it is still hard to recreate the password generated by TurtlPass without access to the hash result of the inputs, such as the PIN code, app/domain, and user account, used in the client app.
175+
176+
176177
<details>
177178
<summary>Raspberry Pi Pico</summary>
178179

179-
While the [Raspberry Pi Pico](https://thepihut.com/products/raspberry-pi-pico) (RP2040) is a useful device for development, it is not recommended for use in production settings. Due to the external ROM it utilizes, it is relatively easy to extract the firmware binary using [picotool](https://github.com/raspberrypi/picotool), making it challenging to protect against unauthorized access.
180-
180+
It is important to note that the firmware binary on the Raspberry Pi Pico RP2040 can be easily extracted using [picotool](https://github.com/raspberrypi/picotool) due to its utilization of external ROM.
181+
181182
Example on how to do just that:
182183

183184
```
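Review bot: The sentence added at new line 174 says the password is "still hard to recreate" after a device compromise, but the inputs it names are not equally secret: the app/domain and user account are usually known or guessable, which leaves the PIN code as the only input that is normally secret. Suggest stating that the protection in that case depends on the strength of the PIN, so readers do not take "hard" as unconditional. In the Pico paragraph (new line 180), the rewrite drops the earlier "not recommended for use in production settings" guidance and leaves only the observation that the firmware can be extracted; consider keeping the recommendation alongside it. The RP2040 stores its firmware in external flash, so "external ROM" would read more accurately as "external flash". New line 176 also adds a second consecutive blank line.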
@@ -188,12 +189,13 @@ Wrote 369000 bytes to firmware.uf2
188189
</details>
189190

190191
<details>
191-
<summary>Arduino RP2040 Connect</summary>
192+
<summary>Secure Element (SE)</summary>
192193

193-
The [Arduino RP2040 Connect](https://thepihut.com/products/arduino-nano-rp2040-connect) features the **ATECC608A Cryptographic Co-processor** that includes hardware storage for cryptographic keys however to access certain features on this chip we need to contact Microchip and sign an NDA contract.</details>
194+
Using a secure element such as the **ATECC608A/B** or **OPTIGA Trust X/M** for password generation can be a secure solution due to its physical tamper-resistance and isolation from the rest of the system. However, there are limitations to consider such as the difficulty in using them across multiple devices or platforms, and lack of backup or recovery options in case of loss or damage. Additionally, it may be difficult to manage and control access to the password in situations where multiple users need to access it.
195+
</details>
194196

195197
<details>
196-
<summary>Other devices</summary>
198+
<summary>Other hardware options</summary>
197199

198200
I am continuously exploring and evaluating new hardware options for this project. As more information and resources become available, I will keep you updated on my progress.
199201
</details>
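Review bot: The paragraph added at new line 194 does not say whether TurtlPass uses a secure element today or whether this is only a design option, and because it sits in the Security section a reader could take it as a supported feature. Suggest adding one sentence on the current status. The removed line 193 carried two concrete facts that the replacement loses: that the Arduino RP2040 Connect ships with the ATECC608A, and that some of its features require contacting Microchip and signing an NDA. If the NDA requirement is the reason the part is not used, it is worth keeping. The listed limitations (use across multiple devices, no backup or recovery) would also be easier to weigh if the text said how they compare with the seed-file approach described earlier in the README.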
