Ask HN: Long-term recoverable digital vault without a master key?
1 points by YuriiDev 105 days ago
I’m exploring a long-term encryption design where a master key is never stored — only reconstructed.

The goal is a vault that can be recovered 10+ years later without writing down or backing up any master password. The only dependency should be stable long-term human memory.

The approach:

Instead of storing a password, the final encryption key is derived from multiple personal answers in sequence using Argon2.

k0 = seed

k1 = Argon2(answer1, salt = k0)

k2 = Argon2(answer2, salt = k1)

...

kn = Argon2(answern, salt = k(n-1))

Final key = kn.

Properties:

No concatenation of answers

No static master password

Each step depends strictly on the previous

Memory-hard derivation (Argon2 at every step)

Brute forcing cannot be parallelized across answers

The vault is structured as nested encrypted layers. Each layer contains the next question and the next encrypted payload. You must answer each question correctly to decrypt the next layer. The file never stores the master key — only encrypted guidance for reconstructing it.

There’s a working prototype. Deterministic reconstruction works as long as the answers and seed remain unchanged.

My open architectural question is about the root seed (k0).

Right now k0 is derived from the container hash. But it could be any deterministic reproducible value.

What would be a robust long-term root of trust for a system that must remain recoverable after 10+ years without storing secrets?

Constraints:

Must be reproducible

Must not depend on external services

Must not introduce a new single point of failure

Must remain stable over a decade

Is using a file hash reasonable? Should k0 be user-derived? Should it be fixed and public?

More fundamentally: is relying on long-term human memory as a cryptographic reconstruction mechanism inherently flawed?

I’d especially appreciate critique around entropy assumptions, threat models, and long-term survivability risks.
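A runnable sketch of the cascade and of the layered-file cost model, added here as an example and not the poster's prototype: it assumes stdlib scrypt in place of Argon2, a constructed 32-byte k0 in place of the anchor file hash, and an HMAC check in place of each layer's AEAD tag. The two search functions show why the nested layers matter for the "cannot be parallelized" claim: once each layer is decryptable on its own, a guesser's cost is the sum of the per-answer candidate counts, not their product.

```python
import hashlib
import hmac
import unicodedata
from itertools import product

# Assumption: stdlib hashlib.scrypt (also memory-hard) stands in for Argon2 so
# this runs offline; the chained-salt structure is unchanged. Tiny work factors.
KDF = dict(n=2**10, r=8, p=1, dklen=32)

def canonical(answer: str) -> bytes:
    # Absorb harmless drift a decade later: case, spacing, Unicode form.
    return unicodedata.normalize("NFKC", answer).strip().casefold().encode()

def step(k_prev: bytes, answer: str) -> bytes:
    # k_i = KDF(answer_i, salt = k_{i-1}); k0 would be the anchor file's hash.
    return hashlib.scrypt(canonical(answer), salt=k_prev, **KDF)

def vault_key(seed: bytes, answers) -> bytes:
    # k_n: fold every answer through step(); this is the final vault key.
    k = seed
    for a in answers:
        k = step(k, a)
    return k

def layer_tag(k: bytes) -> bytes:
    # Per-layer check (the layer's AEAD tag in a real file) that unlocks the next question.
    return hmac.new(k, b"layer-check", hashlib.sha256).digest()

def guesses_with_layer_tags(seed, candidates, tags):
    # Each answer is confirmable alone: cost is the SUM of candidate counts. Returns (answers, KDF calls).
    k, calls, found = seed, 0, []
    for layer, tag in zip(candidates, tags):
        for cand in layer:
            k_try, calls = step(k, cand), calls + 1
            if hmac.compare_digest(layer_tag(k_try), tag):
                k, found = k_try, found + [cand]
                break
        else:
            return None, calls
    return found, calls

def guesses_final_only(seed, candidates, final_tag):
    # Only k_n is checkable, so every combination is a full chain: cost is the PRODUCT. Returns (answers, KDF calls).
    calls = 0
    for combo in product(*candidates):
        k, calls = vault_key(seed, combo), calls + len(combo)
        if hmac.compare_digest(layer_tag(k), final_tag):
            return list(combo), calls
    return None, calls
```

The defence then rests on the hardest single answer plus the anchor, so answer canonicalisation and the anchor file's own survival over a decade deserve as much attention as the Argon2 parameters.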

3 comments

> More fundamentally: is relying on long-term human memory as a cryptographic reconstruction mechanism inherently flawed?

I'm more worried about this. If the question is about your mother's name, the answer is probably on Facebook. If the question is your favorite 5 ice cream flavors, I'd probably change my mind, assuming I didn't lie to avoid giving an easy answer, and now I have no idea what I made up 10 years ago.

That is a very valid concern and the main reason why "Cognitive Entropy" is tricky. To mitigate this, I’ve focused on three layers of defense:

Static Facts vs. Subjective Tastes: I advise users to avoid "dynamic" memories (like favorite flavors) in favor of "static" facts that are etched into long-term memory but aren't easily searchable (e.g., specific digits from an old, expired ID, or the exact layout of a childhood home).

LLM-Assisted Question Grading: The app includes a prototype tool (integrated with an LLM) that helps users evaluate their questions. It "grades" them based on two factors: Memorability (will you remember this in 10 years?) and Guessability (can this be found on Facebook/OSINT?). If a user picks "Mother's maiden name," the system flags it as high-risk.

The "Physical Anchor" Defense: This is crucial. Even if an attacker knows your mother's name, they cannot even see the question or attempt the Argon2 cascade without the initial seed (k_0) derived from your "Physical Anchor" (the file hash). The answers are useless without the specific photo or document you chose as a seed.

Encrypted Hints: The system allows embedding hints directly into the questions. Since the questions themselves are encrypted, these hints are only revealed step-by-step to the person who already unlocked the previous layer.

I’ve detailed the philosophy behind this "Cognitive Security" in my White Paper Vol. 1 — Vision & Concept:

https://secretmemorylocker.com/white-paper/en/vision-and-con...

_POTSHARDS—a secure, recoverable, long-term archival storage system_ (2009) https://dl.acm.org/doi/10.1145/1534912.1534914

Thanks for sharing this! POTSHARDS is a fascinating approach to long-term survivability through secret sharing and distribution. While they focus on avoiding encryption keys via data sharding across multiple archives, I’m trying to tackle the problem from the human side — using a memory-derived recursive cascade as the key. It's interesting to see how different architectures address the 'forgotten master key' dilemma.

it does not pass the wrench test

You’re right — under direct physical coercion this design does not provide strong resistance. My current threat model is focused more on long-term survivability and secret non-storage rather than state-level coercion resistance. I’m experimenting with limited deniability extensions (e.g. decoy derivation paths), but I’m aware that application-layer branching is not equivalent to formally secure deniable encryption. So I wouldn’t claim this passes a true “wrench test.” At best it may reduce risk in casual coercion scenarios. If the goal were coercion resistance specifically, the architecture would likely need to move toward threshold schemes or multi-party secret sharing instead.

I appreciate the pushback.