The goal is a vault that can be recovered 10+ years later without writing down or backing up any master password. The only dependency should be stable long-term human memory.
The approach:
Instead of storing a password, the final encryption key is derived from multiple personal answers in sequence using Argon2.
k_0 = seed
k_1 = Argon2(answer_1, salt = k_0)
k_2 = Argon2(answer_2, salt = k_1)
...
k_n = Argon2(answer_n, salt = k_{n-1})
Final key = k_n.
Properties:
No concatenation of answers
No static master password
Each step depends strictly on the previous
Memory-hard derivation (Argon2 at every step)
Brute forcing cannot be parallelized across answers
The vault is structured as nested encrypted layers. Each layer contains the next question and the next encrypted payload. You must answer each question correctly to decrypt the next layer. The file never stores the master key — only encrypted guidance for reconstructing it.
There’s a working prototype. Deterministic reconstruction works as long as the answers and seed remain unchanged.
My open architectural question is about the root seed (k0).
Right now k0 is derived from the container hash. But it could be any deterministic reproducible value.
What would be a robust long-term root of trust for a system that must remain recoverable after 10+ years without storing secrets?
Constraints:
Must be reproducible
Must not depend on external services
Must not introduce a new single point of failure
Must remain stable over a decade
Is using a file hash reasonable? Should k0 be user-derived? Should it be fixed and public?
More fundamentally: is relying on long-term human memory as a cryptographic reconstruction mechanism inherently flawed?
I’d especially appreciate critique around entropy assumptions, threat models, and long-term survivability risks.
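As an added worked example (not the poster's prototype), here is the chain and the nested layers in Python using only the standard library. hashlib.scrypt stands in for Argon2 and an HMAC-SHA256 encrypt-then-MAC stands in for a proper AEAD; both are swapped in so it runs anywhere, and the seed, questions and answers are constructed. Two things it makes concrete beyond the description above: answers have to be canonicalized (case, whitespace, Unicode form) or a decade-old memory of "Elm Street" versus "elm street" yields a different k_i and the vault is unrecoverable; and because each layer carries its own authentication tag, a wrong answer is rejected at its own layer, so an attacker holding the file can finish searching answer 1 before starting on answer 2 (search_work returns that sum-of-layers figure next to the product a single end-to-end check would force).

```python
import hashlib
import hmac
import json
import os
import unicodedata
from typing import List, Tuple

# Stand-in KDF: hashlib.scrypt (memory-hard, stdlib) replaces Argon2 so the
# example runs without argon2-cffi. Cost is kept small for a demo; a real vault
# would use Argon2id with far higher memory and time parameters.
KDF_N, KDF_R, KDF_P, KEY_LEN = 2 ** 14, 8, 1, 32


def normalize(answer: str) -> bytes:
    """Canonicalize a remembered answer: NFKC, case-fold, collapse whitespace.
    Without this, 'Rover ' and 'rover' derive different keys and recovery fails."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split()).encode("utf-8")


def kdf(answer: bytes, salt: bytes) -> bytes:
    """k_i = KDF(answer_i, salt = k_{i-1}); every step is memory-hard."""
    return hashlib.scrypt(answer, salt=salt, n=KDF_N, r=KDF_R, p=KDF_P, dklen=KEY_LEN)


def derive_chain(seed: bytes, answers: List[str]) -> List[bytes]:
    """Return [k_0, k_1, ..., k_n]; k_0 is the seed, each k_i depends on all earlier ones."""
    keys = [seed]
    for answer in answers:
        keys.append(kdf(normalize(answer), keys[-1]))
    return keys


# Stand-in authenticated encryption (HMAC-SHA256 keystream + HMAC tag) so no
# third-party AEAD is needed. Use a real AEAD such as XChaCha20-Poly1305 for anything real.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    enc_key, out, counter = hmac.new(key, b"enc", hashlib.sha256).digest(), bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a layer key. Output: nonce(16) || tag(32) || ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(hmac.new(key, b"mac", hashlib.sha256).digest(), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(hmac.new(key, b"mac", hashlib.sha256).digest(), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_vault(seed: bytes, questions: List[str], answers: List[str], secret: bytes) -> bytes:
    """Wrap the secret from the inside out. The outer file shows question 1 in the
    clear; layer i is sealed under k_i and, once opened, reveals question i+1."""
    assert len(questions) == len(answers) > 0
    keys = derive_chain(seed, answers)
    inner = secret
    for i in range(len(answers), 0, -1):
        blob = seal(keys[i], inner)
        inner = json.dumps({"question": questions[i - 1], "blob": blob.hex()}).encode("utf-8")
    return inner


def recover(seed: bytes, vault: bytes, answers: List[str]) -> bytes:
    """Peel the layers with the given answers. A wrong answer is rejected at its own
    layer, which is exactly what lets an attacker search each answer independently."""
    key, doc = seed, json.loads(vault)
    for i, answer in enumerate(answers, start=1):
        key = kdf(normalize(answer), key)
        try:
            inner = unseal(key, bytes.fromhex(doc["blob"]))
        except ValueError:
            raise ValueError(f"answer {i} rejected at layer {i} ({doc['question']!r})") from None
        if i == len(answers):
            return inner
        doc = json.loads(inner)
    raise ValueError("no answers supplied")


def search_work(bits_per_answer: List[int]) -> Tuple[int, int]:
    """Guesses an attacker needs: per-layer checks let layers be searched one after
    another (sum); only a single end-to-end check forces the joint search (product)."""
    joint = 1
    for b in bits_per_answer:
        joint *= 2 ** b
    return sum(2 ** b for b in bits_per_answer), joint


if __name__ == "__main__":
    # Constructed demo data, not from any real vault.
    seed = hashlib.sha256(b"constructed container header").digest()
    vault = build_vault(seed, ["First pet?", "Childhood street?", "Best friend?"],
                        ["Rover", "Elm Street", "Sam"], b"master key material")
    print(recover(seed, vault, ["rover", "  elm   street", "SAM"]))
    print(search_work([20, 20, 20]))
```

The seed here is just a SHA-256 of a constructed header, standing in for the container hash the post describes; swapping it for any other reproducible 32-byte value changes nothing else in the chain.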