From 39a5dc3ee8fcc12be0490e9fac24356dae913479 Mon Sep 17 00:00:00 2001
From: Alexander Bakker <ab@alexbakker.me>
Date: Fri, 4 Feb 2022 17:02:37 +0100
Subject: [PATCH] Update the vault format documentation and improve the diagram

---
 docs/diagram.svg |  5 +++-
 docs/vault.md    | 72 +++++++++++++++++++++++++-----------------------
 2 files changed, 41 insertions(+), 36 deletions(-)

diff --git a/docs/diagram.svg b/docs/diagram.svg
index 9c09d501..76d5e8e8 100644
--- a/docs/diagram.svg
+++ b/docs/diagram.svg
@@ -1 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="442" height="187" content="&lt;mxfile modified=&quot;2019-04-09T23:00:30.518Z&quot; host=&quot;www.draw.io&quot; agent=&quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36&quot; etag=&quot;ypML7Kj5TbZQVp4-AUaV&quot; version=&quot;10.6.0&quot; type=&quot;device&quot;&gt;&lt;diagram id=&quot;kxfwbhLIyT1wbhEJJ4zQ&quot; name=&quot;Page-1&quot;&gt;7Zpdc6IwFIZ/jZd2gIAfl1Ztd2bbGXed2baXqUTIFgkbQtX99ZtIIhBQqVVxZ/fGIScfJOd9csyJtsBwsbqnMPIfiYuClmW4qxYYtSyr0+3xT2FYSwMwUoNHsZuazMwwxb+RNKpmCXZRXGjICAkYjorGGQlDNGMFG6SULIvN5iQovjWCHioZpjMYlK1P2GV+au05Rmb/grDnqzebhqxZQNVYGmIfumSZM4FxCwwpISx9WqyGKBC+U35J+93tqN1OjKKQ1enwFv6Mvz3g6MEh9M0IzcXg7qktR3mHQSIX3LI6AR/v9pU/eOLhEcYMUd7oDa1VJX/Ltn7bgSqL5XTar5iVK6Qj2Fp5l5IkdJGYoMmrlz5maBrBmahdcpy4zWeLQFbLqSLK0GqnD8ytZzmRiCwQo3zWhuwAlBiSRqvrpOVlpq2p2vg5XYFsByVO3nbozOP8QTr9AwJYOwVw8XvBWZ1fiUDllq+etWGAvbAFBoJ8vnahj6ov6aIMExjHS0JdMWpA2D4tuW3z+qL1VDOKIxgqW5u3H4czuo4YckuQ5VueZm4BmrP6M5tACrnOiMZXNKkpDNgHp/OZbSc2HOYBcZDOd8RIdJrNaPe0zaiCan4zmhWbUfU7+WYEh6PhHQ49RCOK+RoP76N86DsnEp/bQX8FHcCuSYd9Ljrsw3R8h8v/VFw0ZhhNU9E7TMVgPG3zMxFvdT98rAeGlG5zjiwfv675RFUlSNWJ6myC9GsIErqUYLEtvqL1lBGK6qkySJhPqMhRLCOJxSeZK2W4gX81iBQj/w1xdXqZjqZXp0IvUKFX51x6qd26T7BY7oY6Io0Qxe9oK8ucksXGQ+rwe/WSmP2KpKRKEudsklSlhZqXUOgORH7NS7OAOxfPio7hi6frZ14wVOFFFG4cVRyt8pWjtSqtMHtWY/DntFfXkcWslyioTunskFvK5TUN+ApIQmfocDxnkHqIHUrcyprmNHP2SEZRAJnAtHBfUaGjfMOEpAdOFXXNIjK2fiROlyl75S8F9IE62kBAGyj1Q2mgDVbbZX+CtKr898KkGTd9AHK0mTeGtR83UZjwMLNJDZtDEDSJoKV98dt6NKqLoNXVBjIujGBV1tdosLu6WGc3GutsjQ/z2FjX1zJK/UhzbtCqEsgTgda9ctL6NUnrNUmafhCzu8eGNEMbyLowac4/G9JUcLhu0vRQdHRMs+2GY1rnlKRlcL3k6w6e35w8axcj7a8ATTvfW33th6xjEwV+3rssaN0TgFYJjLkXmF1wGgfgbAA0s1nStHwA9I4lrXTxf2HSatzo/oBJsOM6quHLpJIMVT+bnOg+lhezvy+k7s/+AwLGfwA=&lt;/diagram&gt;&lt;/mxfile&gt;" version="1.1" viewBox="-0.5 -0.5 442 187" style="background-color:#fff"><g><rect width="120" height="35" x="170" y="80" fill="#fff" stroke="#000" pointer-events="none" rx="5.25" ry="5.25"/><g transform="translate(198.5,84.5)"><switch><foreignObject style="overflow:visible" width="62" height="26" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:64px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>Master key</b><br/>256-bit<br/></div></div></foreignObject><text x="31" y="19" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="110" height="80" x="330" y="55" fill="#fff" stroke="#000" pointer-events="none" rx="12" ry="12"/><g transform="translate(342.5,62.5)"><switch><foreignObject style="overflow:visible" width="84" height="54" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:84px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><div style="text-align:center"><b>Password slot</b></div><div style="text-align:center"><span>- Encrypted key</span></div><div style="text-align:left"><span>- Parameters</span></div><div style="text-align:left"><span>- Salt</span></div></div></div></foreignObject><text x="42" y="33" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="110" height="40" x="330" y="145" fill="#fff" stroke="#000" pointer-events="none" rx="6" ry="6"/><g transform="translate(340.5,152.5)"><switch><foreignObject style="overflow:visible" width="88" height="26" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:89px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>Biometric slot</b><br/><div style="text-align:left"><span>- Encrypted key</span></div></div></div></foreignObject><text x="44" y="19" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="110" height="40" x="330" y="5" fill="#fff" stroke="#000" pointer-events="none" rx="6" ry="6"/><g transform="translate(342.5,12.5)"><switch><foreignObject style="overflow:visible" width="84" height="26" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:84px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>Raw slot</b><br/><div style="text-align:left"><span>- Encrypted key</span></div></div></div></foreignObject><text x="42" y="19" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="120" height="40" x="170" y="5" fill="#fff" stroke="#000" pointer-events="none" rx="6" ry="6"/><g transform="translate(178.5,11.5)"><switch><foreignObject style="overflow:visible" width="102" height="26" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:104px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>AES-256 GCM</b><br/>Encrypt master key<br/></div></div></foreignObject><text x="51" y="19" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="130" height="60" x="0" y="65" fill="#fff" stroke="#000" pointer-events="none" rx="9" ry="9"/><g transform="translate(1.5,74.5)"><switch><foreignObject style="overflow:visible" width="126" height="40" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:126px;white-space:normal;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>Android KeyStore</b><br/>Authorize use of key using biometrics<br/></div></div></foreignObject><text x="63" y="26" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g><rect width="130" height="50" x="0" y="0" fill="#fff" stroke="#000" pointer-events="none" rx="7.5" ry="7.5"/><g transform="translate(1.5,4.5)"><switch><foreignObject style="overflow:visible" width="126" height="40" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:126px;white-space:normal;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>scrypt</b><br/>Derive key from password<br/></div></div></foreignObject><text x="63" y="26" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">&lt;b&gt;scrypt&lt;/b&gt;&lt;br&gt;Derive key from password&lt;br&gt;</text></switch></g><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 290.33 35 L 326.8 89.7" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 329.71 94.07 L 322.92 90.19 L 326.8 89.7 L 328.74 86.3 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 282 45.83 L 327.94 159.1" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 329.91 163.96 L 324.04 158.79 L 327.94 159.1 L 330.53 156.16 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 290.33 25 L 323.97 25" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 329.22 25 L 322.22 28.5 L 323.97 25 L 322.22 21.5 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 130.33 95 L 166.8 40.3" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 169.71 35.93 L 168.74 43.7 L 166.8 40.3 L 162.92 39.81 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 130.33 25 L 163.97 25" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 169.22 25 L 162.22 28.5 L 163.97 25 L 162.22 21.5 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 230.33 80 L 230.33 51.37" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 230.33 46.12 L 233.83 53.12 L 230.33 51.37 L 226.83 53.12 Z" pointer-events="none"/><path fill="none" stroke="#000" stroke-miterlimit="10" d="M 230.33 115 L 230.33 138.63" pointer-events="none"/><path fill="#000" stroke="#000" stroke-miterlimit="10" d="M 230.33 143.88 L 226.83 136.88 L 230.33 138.63 L 233.83 136.88 Z" pointer-events="none"/><rect width="120" height="40" x="170" y="145" fill="#fff" stroke="#000" pointer-events="none" rx="6" ry="6"/><g transform="translate(215.5,158.5)"><switch><foreignObject style="overflow:visible" width="28" height="12" pointer-events="all" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;font-size:12px;font-family:Helvetica;color:#000;line-height:1.2;vertical-align:top;width:30px;white-space:nowrap;overflow-wrap:normal;text-align:center"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit"><b>Vault</b></div></div></foreignObject><text x="14" y="12" fill="#000" font-family="Helvetica" font-size="12" text-anchor="middle">[Not supported by viewer]</text></switch></g></g></svg>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than diagrams.net -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="601px" height="632px" viewBox="-0.5 -0.5 601 632" content="&lt;mxfile modified=&quot;2022-02-04T15:51:34.407Z&quot; host=&quot;app.diagrams.net&quot; agent=&quot;5.0 (X11)&quot; etag=&quot;Sf0Fk9EOhHNxQTlpSS3T&quot; version=&quot;16.5.3&quot; type=&quot;device&quot;&gt;&lt;diagram id=&quot;kxfwbhLIyT1wbhEJJ4zQ&quot; name=&quot;Page-1&quot;&gt;7V1bk5u4Ev41rn0aF3fw49wyu7WTOtkztZfsSwqDbLPGyAF5Zry/fiWQuAiBsc3FTDypSoZGSIL+vqbV3SgT9X7z/hTa29Vn6AJ/okju+0R9mCjKzJLx30SwTwS6YSSCZei5iUjOBC/ev4AKJSrdeS6ICg0RhD7ytkWhA4MAOKggs8MQvhWbLaBfHHVrL0FJ8OLYfln6p+eiVSK1dCmT/wy85YqNLEv0zMZmjakgWtkufMuJ1MeJeh9CiJLfNu/3wCfPjj2X5LpPFWfTiYUgQE0ueEKW8cf3337533fpfbf+/svXv+dPNyadG9qzGwYuvn96CEO0gksY2P5jJr0L4S5wAelVwkdZm2cIt1goY+E/AKE9Vaa9QxCLVmjj07N4wuH+L3L9VGeHX/PnHt5p58nRnh4tYIA+2RvPJ4Kfgf8KkOfY9AQdTY4ber5/D30YxrekujqwXA3LIxTCNcidsZS5igGp3iWPgdx75dOlogjuQoe2Wgf/RL89e9tnHYZrKZA3t5/+vGEotcMlQDWP3kgxgLkD4AbgW8XXhcC3kfdanIdNUbxM22WKxr9QXYv1XjfJV9vf0ZEmiuHj6d7N8S9L8stnO0IgxI3WYM9O4rHS8+kFIZM8gQCENgL4Gszzm7mH2NUcxjIEEZW/rTwEXrZ2/FTfsBUpoqVS65UqegUhAu85Ufkp07MqMzPUOskqPX7LuC4bVLbK8VybdaQYpVIxrvdKBvS9ZRCfML7viOm488ECZUcl7TDBFzuK3mDoEk34ENVpFMviwYrS08aPtnbAZDf4+sfACfdbBNzYRAoRlr+kjym9xDNKoGRjLYIwGnI2to+OHJ5j1wE+EXZgAvm3dKKIWO1qlrH7ie8inq7jBcvn+OhBb4eGOk9DU0BDU0BDJmudhmpXNLzz4hl6TgMeZpZ1RMysNPXSYVM/AmgqWkNoal1B0zr86r59fLnBb2Dc6un+czOEUe1X6D6PxLG8yxWp6bu8K03NGmgqcEPoEcr9CvYvCIbgOIOQo17O+4o1J9kB6Re73ysYEuf4sA1JRLsIswhfOWemKjqa6+dAgTcCG89143UH5ff/qeZ0IeV9ew58vChxQcj8/AAGID1jO+tlPE/uLO2JrSBawKPFwVHgWqYQzcNR7wqOjB91eIyoFWiCwQcQknUKg9sihBv8zy4C4U9R/PCYw9kJTDiFFZGQFzG8dKTX1KQMp1fRYo5f1QfuLYmG4CPHx4rB/kdxSf7uob9yv3+NV+eKTg+zBTk5OLwe59bfNrAWZMDS+ttwLDBf1OmFW5KXtZJ77HrNU2+8rKYjfIFegDKla6ZSZLPMaTMJC9Cr8lEYriNdPtBREjcodYS1Z+9zzbakQVQz4Zl4nAxoSY8Z7NJnegYSRavXY5GYBocmudBQLlJUERwSI9hsB8ELywGOEMFzS9f0WstyMGBEHbp8wKhuTXIhjEjjmhRgGm/fmjIiXcSxjqSuGCF+IVfNq9Te6INBWncMMk+j0AgYNGvIIOuiGCTrHPD5aEZjBklcR0o3DFJ4Ruh6/bzqGdcRg/TuGKQMyaBzvKjDSQtplBRSOYRpp7plmlbsSDX6oZBsHUmhXtw443wKVaKaUSSjRZr6q6RIVcJQOkDHU/OALaX9xkAgQ+fweCKB+I6Uhl7cCZgVZlMbrIGjNUDOikIjJioIH18B4WsCwDRDTxq4drRK49Y5YJewI0nG4+0nFmD6AiMPeZAErhxARshFtJ65BnOIENxUxr3hDvlegIdilQ1SLuaddo4nvSU3uHlfkgKMKVwsPAdMI+DsQg/tp2uw/7YF4cbDHIVBVGaFPLdlgPHB5fWbJ9vxcd7Ri39SKpXiKgJ2VYZamMtdmxfSpuyVn+eHKlVToWm0RQg0UWaoH6DdYU5J0niBBnRZi+d/+UATZnl6BloDP7YjoCkPpjFmoBmSPZPNiwSaxq355AsAmjIre3d9FoEdF+drrEWhn3XQt6su1WpQ0qWYYuW3XtNVN8vOEsOv9o6UppBSSwToKqezVPBZLONTwYIUTWdVXULVDMywkZdZih1+QcRC7LBZQ5KySdL1cKXlWIiWxswHY5pcXbl1jhV8AOLymLEoRm9sArvyMoSZje6qYW6zshdpF5Eif0WCi0llVdO1NubI2piz4MnVUOgCs9FZDYUYnaLV1g9ZG9OqXpXB9dpCKDv1o9KDI7NB0lQqJoRU05z0lBIi/X7BYIzr2mn3zb2wg85V8rodKnqty/LUlHI/xRi0rhlTdZad5fpvHNrm3qUW/47sqEABT792XqX2Zru5IbHCze4I1bhAQSqwqecChQ/BG259rFinUYMvArI6q2YTT7gxNWZ9UENUmX8qNUZZu9POwl4bBYf46h2Lj8+eWr1j8inYjkoPDPm40oN+OCT6ZqIlDo2jeqcdDumj4BBfvmOeWgHHl++YPVXAYet3HIf6cNHYvfdYviPVcuTkQPSg8WW1KYWkyZAU4upudL5w7dQCHr3hKqc11F4reH6ACh5dtMFC3/luZTCkXUt4ekOawYJBQyJtuGKxaw1PbzU8uuhD876RVp1dEyS00sTFH0lJx0lbwSSi3wMfOmuyaQTXdW2S7eA4HEkuJq+q81+9MUbndS9y9zpLeCsNMhxd2BiaG+Roq0vkz8WaHYLVb7tgG0KEeyE3eVeEVn0itDqBemRV2lkYNDQeg+a0/K5T1CnDXMECaV3hUJQYONbcZMbimVqVsRgCUX1Fv3agQfT5agfyduDNQ6tvxBFh4m/LEIDgQ9gEUxaZBGtqGgKToLO27X8sIZcweC0tLj6hpmWMfW0XWTvLq3vZ7VtFlg6/VXotp1QHipWM960ydu9SUWbTWf7HLCLyEnxNdaC4ynhRWfZ15vGjGyFADVoWVfpkeVhPp0Fd1BWS9ZCEoR0sPwYoFU27DAe8m91Cs88hxvtRmDB0169zVb1B6HWz7+tm35e72fd5kTP+0yRRSrirzb6FPNQOrG6vu30fv5CWDhv7EWDTEKX2utrtW4zNgcpiPpJf+WGWOrpgt4j+fUrtGhO6LnUmtYU2A4Dyx0o/ytynbprgS8t+84+s435TPY2BT8tg2ZeQL+kXsi2XDWuC3ZwvcFsK7Zot/oGzxdiTKFoPVZgu1qYsf9vPhmct7H19YrVgrXU4NZ18yudELVoitaklSmoHh/qAQed3wT51C1+Dy5023cK3rQ8Y9OotJAjcCjhmq3Ry4iaKgXiLG2BFvzeIKjDBjgnoYp6YxMy72QnW7qLoXzK5igU9tjHoSHtORSUrW7l3iciNKvJ4DDZV5fcqLTtkouByd9a0eju4JILUDI0xVDhA0uh/EW51YaGPjyKFvW6Yv6t3AClVUA7SEqbwYfY/EScWMfvvnNXH/wA=&lt;/diagram&gt;&lt;/mxfile&gt;"><defs/><g><path d="M 310.03 120 L 310.03 100 L 310.03 119.03 L 310.01 105.37" fill="none" stroke="#82b366" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310 100.12 L 313.51 107.11 L 310.01 105.37 L 306.51 107.12 Z" fill="#82b366" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/><rect x="230" y="120" width="160" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 145px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Master key</b><br />Generate 256-bit key</div></div></div></foreignObject><text x="310" y="148" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Master key...</text></switch></g><rect x="430" y="160" width="170" height="70" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 163px; height: 1px; padding-top: 167px; margin-left: 437px;"><div style="box-sizing: border-box; font-size: 0px; text-align: left;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div align="left"><b>Password slot</b></div><div align="left"><span>- Encrypted master key</span></div><div align="left"><span>- Scrypt parameters</span></div><div align="left"><span>- Salt</span></div></div></div></div></foreignObject><text x="437" y="179" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px">Password slot...</text></switch></g><rect x="430" y="230" width="170" height="40" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 163px; height: 1px; padding-top: 237px; margin-left: 437px;"><div style="box-sizing: border-box; font-size: 0px; text-align: left;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div align="left"><b>Biometric slot</b><br /></div><div align="left"><span>- Encrypted master key</span></div></div></div></div></foreignObject><text x="437" y="249" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px">Biometric slot...</text></switch></g><rect x="230" y="190" width="160" height="40" rx="6" ry="6" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 210px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>AES-256 GCM</b><br />Encrypt master key<br /></div></div></div></foreignObject><text x="310" y="214" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">AES-256 GCM...</text></switch></g><rect x="0" y="220" width="200" height="50" rx="7.5" ry="7.5" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 172px; height: 1px; padding-top: 245px; margin-left: 14px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Android KeyStore</b><br /><div>Generate key and authorize</div><div>using biometrics</div></div></div></div></foreignObject><text x="100" y="249" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Android KeyStore...</text></switch></g><rect x="0" y="150" width="200" height="50" rx="7.5" ry="7.5" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 162px; height: 1px; padding-top: 175px; margin-left: 19px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>scrypt</b><br />Derive key from user's password</div></div></div></foreignObject><text x="100" y="179" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">scrypt...</text></switch></g><path d="M 392 200 L 402 200 Q 412 200 418.82 200 L 425.63 200" fill="none" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 430.88 200 L 423.88 203.5 L 425.63 200 L 423.88 196.5 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="all"/><path d="M 390 220 L 400 220 Q 410 220 410 230 L 410 240 Q 410 250 416.82 250 L 423.63 250" fill="none" stroke="#b85450" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 428.88 250 L 421.88 253.5 L 423.63 250 L 421.88 246.5 Z" fill="#b85450" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/><path d="M 200 245 L 205 245 Q 210 245 210 235 L 210 227.5 Q 210 220 216.82 220 L 223.63 220" fill="none" stroke="#b85450" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 220 L 221.88 223.5 L 223.63 220 L 221.88 216.5 Z" fill="#b85450" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/><path d="M 200 175 L 205 175 Q 210 175 210 185 L 210 192.5 Q 210 200 216.82 200 L 223.63 200" fill="none" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 200 L 221.88 203.5 L 223.63 200 L 221.88 196.5 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="all"/><path d="M 310 169 L 310 183.63" fill="none" stroke="#82b366" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310 188.88 L 306.5 181.88 L 310 183.63 L 313.5 181.88 Z" fill="#82b366" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/><rect x="180" y="160" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 187.02 167.66 C 188.33 167.66 189.25 166.61 189.25 165.43 C 189.25 164.33 188.39 163.21 186.99 163.21 C 185.99 163.21 184.81 164.01 184.81 165.49 C 184.81 166.6 185.75 167.66 187.02 167.66 Z M 184.26 186.92 L 184.26 174.07 C 181.99 172.99 180 170.4 180 167.45 C 180 163.28 183.14 160 187.04 160 C 191 160 194.15 163.26 194.15 167.56 C 194.15 170.18 192.25 172.79 189.8 174.08 L 189.8 177.07 L 187.75 179.26 L 190.31 181.91 L 190.31 182.04 L 188.01 184.48 L 190.18 186.79 L 187.08 190 Z" fill="#1ba1e2" stroke="#006eaf" stroke-miterlimit="10" pointer-events="all"/><rect x="180" y="230" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 187.02 237.66 C 188.33 237.66 189.25 236.61 189.25 235.43 C 189.25 234.33 188.39 233.21 186.99 233.21 C 185.99 233.21 184.81 234.01 184.81 235.49 C 184.81 236.6 185.75 237.66 187.02 237.66 Z M 184.26 256.92 L 184.26 244.07 C 181.99 242.99 180 240.4 180 237.45 C 180 233.28 183.14 230 187.04 230 C 191 230 194.15 233.26 194.15 237.56 C 194.15 240.18 192.25 242.79 189.8 244.08 L 189.8 247.07 L 187.75 249.26 L 190.31 251.91 L 190.31 252.04 L 188.01 254.48 L 190.18 256.79 L 187.08 260 Z" fill="#e51400" stroke="#b20000" stroke-miterlimit="10" pointer-events="all"/><rect x="370" y="130" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 377.02 137.66 C 378.33 137.66 379.25 136.61 379.25 135.43 C 379.25 134.33 378.39 133.21 376.99 133.21 C 375.99 133.21 374.81 134.01 374.81 135.49 C 374.81 136.6 375.75 137.66 377.02 137.66 Z M 374.26 156.92 L 374.26 144.07 C 371.99 142.99 370 140.4 370 137.45 C 370 133.28 373.14 130 377.04 130 C 381 130 384.15 133.26 384.15 137.56 C 384.15 140.18 382.25 142.79 379.8 144.08 L 379.8 147.07 L 377.75 149.26 L 380.31 151.91 L 380.31 152.04 L 378.01 154.48 L 380.18 156.79 L 377.08 160 Z" fill="#60a917" stroke="#2d7600" stroke-miterlimit="10" pointer-events="all"/><path d="M 390 74.5 L 433.63 74.5" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 438.88 74.5 L 431.88 78 L 433.63 74.5 L 431.88 71 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><rect x="230" y="50" width="160" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 75px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>AES-256 GCM</b><br />Encrypt vault contents</div></div></div></foreignObject><text x="310" y="78" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">AES-256 GCM...</text></switch></g><path d="M 310.03 480 L 310.03 460 L 310.03 480.97 L 310.01 467.37" fill="none" stroke="#82b366" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310 462.12 L 313.51 469.11 L 310.01 467.37 L 306.51 469.12 Z" fill="#82b366" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/><rect x="230" y="480" width="160" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 505px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Master key</b></div></div></div></foreignObject><text x="310" y="508" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Master key</text></switch></g><rect x="230" y="550" width="160" height="40" rx="6" ry="6" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 570px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>AES-256 GCM</b><br />Decrypt master key</div></div></div></foreignObject><text x="310" y="574" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">AES-256 GCM...</text></switch></g><rect x="0" y="580" width="200" height="50" rx="7.5" ry="7.5" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 172px; height: 1px; padding-top: 605px; margin-left: 14px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Android KeyStore</b><br /><div>Authorize usage of key<br /></div><div>using biometrics</div></div></div></div></foreignObject><text x="100" y="609" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Android KeyStore...</text></switch></g><rect x="0" y="510" width="200" height="50" rx="7.5" ry="7.5" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 162px; height: 1px; padding-top: 535px; margin-left: 19px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>scrypt</b><br />Derive key from user's password</div></div></div></foreignObject><text x="100" y="539" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">scrypt...</text></switch></g><path d="M 431.7 536.39 L 420 536.18 Q 410 536 410 546 L 410 553 Q 410 560 403.18 560 L 396.37 560" fill="none" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 391.12 560 L 398.12 556.5 L 396.37 560 L 398.12 563.5 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="all"/><path d="M 430 618 L 420 618 Q 410 618 410 608 L 410 590 Q 410 580 403.18 580 L 396.37 580" fill="none" stroke="#b85450" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 391.12 580 L 398.12 576.5 L 396.37 580 L 398.12 583.5 Z" fill="#b85450" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/><path d="M 200 605 L 205 605 Q 210 605 210 595 L 210 587.5 Q 210 580 216.82 580 L 223.63 580" fill="none" stroke="#b85450" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 580 L 221.88 583.5 L 223.63 580 L 221.88 576.5 Z" fill="#b85450" stroke="#b85450" stroke-miterlimit="10" pointer-events="all"/><path d="M 200 535 L 205 535 Q 210 535 210 545 L 210 552.5 Q 210 560 216.82 560 L 223.63 560" fill="none" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 560 L 221.88 563.5 L 223.63 560 L 221.88 556.5 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-miterlimit="10" pointer-events="all"/><path d="M 310 550 L 310 535.37" fill="none" stroke="#82b366" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 310 530.12 L 313.5 537.12 L 310 535.37 L 306.5 537.12 Z" fill="#82b366" stroke="#82b366" stroke-miterlimit="10" pointer-events="all"/><rect x="180" y="520" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 187.02 527.66 C 188.33 527.66 189.25 526.61 189.25 525.43 C 189.25 524.33 188.39 523.21 186.99 523.21 C 185.99 523.21 184.81 524.01 184.81 525.49 C 184.81 526.6 185.75 527.66 187.02 527.66 Z M 184.26 546.92 L 184.26 534.07 C 181.99 532.99 180 530.4 180 527.45 C 180 523.28 183.14 520 187.04 520 C 191 520 194.15 523.26 194.15 527.56 C 194.15 530.18 192.25 532.79 189.8 534.08 L 189.8 537.07 L 187.75 539.26 L 190.31 541.91 L 190.31 542.04 L 188.01 544.48 L 190.18 546.79 L 187.08 550 Z" fill="#1ba1e2" stroke="#006eaf" stroke-miterlimit="10" pointer-events="all"/><rect x="180" y="595" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 187.02 602.66 C 188.33 602.66 189.25 601.61 189.25 600.43 C 189.25 599.33 188.39 598.21 186.99 598.21 C 185.99 598.21 184.81 599.01 184.81 600.49 C 184.81 601.6 185.75 602.66 187.02 602.66 Z M 184.26 621.92 L 184.26 609.07 C 181.99 607.99 180 605.4 180 602.45 C 180 598.28 183.14 595 187.04 595 C 191 595 194.15 598.26 194.15 602.56 C 194.15 605.18 192.25 607.79 189.8 609.08 L 189.8 612.07 L 187.75 614.26 L 190.31 616.91 L 190.31 617.04 L 188.01 619.48 L 190.18 621.79 L 187.08 625 Z" fill="#e51400" stroke="#b20000" stroke-miterlimit="10" pointer-events="all"/><rect x="370" y="490" width="14.15" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 377.02 497.66 C 378.33 497.66 379.25 496.61 379.25 495.43 C 379.25 494.33 378.39 493.21 376.99 493.21 C 375.99 493.21 374.81 494.01 374.81 495.49 C 374.81 496.6 375.75 497.66 377.02 497.66 Z M 374.26 516.92 L 374.26 504.07 C 371.99 502.99 370 500.4 370 497.45 C 370 493.28 373.14 490 377.04 490 C 381 490 384.15 493.26 384.15 497.56 C 384.15 500.18 382.25 502.79 379.8 504.08 L 379.8 507.07 L 377.75 509.26 L 380.31 511.91 L 380.31 512.04 L 378.01 514.48 L 380.18 516.79 L 377.08 520 Z" fill="#60a917" stroke="#2d7600" stroke-miterlimit="10" pointer-events="all"/><rect x="440" y="412" width="150" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 437px; margin-left: 441px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div><b>Vault</b></div><div>Unlocked<b><br /></b></div></div></div></div></foreignObject><text x="515" y="440" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Vault...</text></switch></g><rect x="560" y="417.5" width="23.49" height="34" fill="none" stroke="none" pointer-events="all"/><path d="M 578.42 433.34 L 578.42 426.86 C 578.42 423.8 575.8 420.28 571.77 420.28 C 567.72 420.28 565.07 423.68 565.07 426.93 L 565.07 428.67 L 562.3 428.68 L 562.3 426.95 C 562.3 421.38 566.99 417.5 571.62 417.5 C 577.14 417.5 581.19 421.95 581.19 427.03 L 581.19 433.34 L 581.69 433.34 C 582.62 433.34 583.49 434.16 583.49 435.2 L 583.49 449.66 C 583.49 450.67 582.64 451.5 581.68 451.5 L 561.81 451.5 C 560.85 451.5 560 450.66 560 449.67 L 560 435.15 C 560 434.19 560.82 433.34 561.85 433.34 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="440" y="50" width="150" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 75px; margin-left: 441px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Vault</b><br />Locked</div></div></div></foreignObject><text x="515" y="78" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Vault...</text></switch></g><rect x="560" y="61.5" width="28.76" height="35.5" fill="none" stroke="none" pointer-events="all"/><path d="M 582.79 87.53 C 581.63 87.13 580 85.73 579.96 83.5 C 579.96 81.03 581.92 79.06 584.35 79.06 C 586.83 79.06 588.76 81.09 588.76 83.43 C 588.76 85.28 587.64 86.79 585.98 87.48 L 585.98 89.22 L 584.87 90.56 L 586.44 92.13 L 586.44 92.22 L 585.05 93.69 L 586.4 95.07 L 584.5 97 L 582.79 95.16 Z M 584.36 83.2 C 585.1 83.2 585.52 82.6 585.52 82.09 C 585.52 81.31 584.93 80.9 584.36 80.9 C 583.67 80.9 583.2 81.45 583.2 82.04 C 583.2 82.74 583.75 83.2 584.36 83.2 Z" fill="#7fba42" stroke="none" pointer-events="all"/><rect x="560" y="61.5" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 561.78 93.69 C 560.94 93.69 560 92.92 560 91.87 L 560 77.56 C 560 76.54 560.92 75.85 561.79 75.85 L 562.32 75.85 L 562.32 70.72 C 562.32 66.36 565.95 61.5 572.01 61.5 C 577.03 61.5 581.3 65.91 581.3 70.71 L 581.3 75.85 L 581.81 75.85 C 582.79 75.85 583.62 76.62 583.62 77.54 L 583.62 77.67 C 580.73 78.01 578.65 80.36 578.49 83.07 C 578.39 85.25 579.42 87.21 581.31 88.31 L 581.31 93.69 Z M 578.52 75.85 L 578.52 70.77 C 578.52 67.83 576.03 64.25 571.88 64.25 C 567.87 64.25 565.09 67.51 565.09 70.76 L 565.09 75.85 Z" fill="#505050" stroke="none" pointer-events="all"/><path d="M 180 74.5 L 223.63 74.5" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 74.5 L 221.88 78 L 223.63 74.5 L 221.88 71 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><rect x="20" y="50" width="160" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 75px; margin-left: 21px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div><b>Vault</b></div><div>Unlocked<b><br /></b></div></div></div></div></foreignObject><text x="100" y="78" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Vault...</text></switch></g><rect x="150" y="57.5" width="23.49" height="34" fill="none" stroke="none" pointer-events="all"/><path d="M 168.42 73.34 L 168.42 66.86 C 168.42 63.8 165.8 60.28 161.77 60.28 C 157.72 60.28 155.07 63.68 155.07 66.93 L 155.07 68.67 L 152.3 68.68 L 152.3 66.95 C 152.3 61.38 156.99 57.5 161.62 57.5 C 167.14 57.5 171.19 61.95 171.19 67.03 L 171.19 73.34 L 171.69 73.34 C 172.62 73.34 173.49 74.16 173.49 75.2 L 173.49 89.66 C 173.49 90.67 172.64 91.5 171.68 91.5 L 151.81 91.5 C 150.85 91.5 150 90.66 150 89.67 L 150 75.15 C 150 74.19 150.82 73.34 151.85 73.34 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="566" y="170" width="28.76" height="35.5" fill="none" stroke="none" pointer-events="all"/><path d="M 588.79 196.03 C 587.63 195.63 586 194.23 585.96 192 C 585.96 189.53 587.92 187.56 590.35 187.56 C 592.83 187.56 594.76 189.59 594.76 191.93 C 594.76 193.78 593.64 195.29 591.98 195.98 L 591.98 197.72 L 590.87 199.06 L 592.44 200.63 L 592.44 200.72 L 591.05 202.19 L 592.4 203.57 L 590.5 205.5 L 588.79 203.66 Z M 590.36 191.7 C 591.1 191.7 591.52 191.1 591.52 190.59 C 591.52 189.81 590.93 189.4 590.36 189.4 C 589.67 189.4 589.2 189.95 589.2 190.54 C 589.2 191.24 589.75 191.7 590.36 191.7 Z" fill="#2072b8" stroke="none" pointer-events="all"/><rect x="566" y="170" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 567.78 202.19 C 566.94 202.19 566 201.42 566 200.37 L 566 186.06 C 566 185.04 566.92 184.35 567.79 184.35 L 568.32 184.35 L 568.32 179.22 C 568.32 174.86 571.95 170 578.01 170 C 583.03 170 587.3 174.41 587.3 179.21 L 587.3 184.35 L 587.81 184.35 C 588.79 184.35 589.62 185.12 589.62 186.04 L 589.62 186.17 C 586.73 186.51 584.65 188.86 584.49 191.57 C 584.39 193.75 585.42 195.71 587.31 196.81 L 587.31 202.19 Z M 584.52 184.35 L 584.52 179.27 C 584.52 176.33 582.03 172.75 577.88 172.75 C 573.87 172.75 571.09 176.01 571.09 179.26 L 571.09 184.35 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="566" y="234.5" width="28.76" height="35.5" fill="none" stroke="none" pointer-events="all"/><path d="M 588.79 260.53 C 587.63 260.13 586 258.73 585.96 256.5 C 585.96 254.03 587.92 252.06 590.35 252.06 C 592.83 252.06 594.76 254.09 594.76 256.43 C 594.76 258.28 593.64 259.79 591.98 260.48 L 591.98 262.22 L 590.87 263.56 L 592.44 265.13 L 592.44 265.22 L 591.05 266.69 L 592.4 268.07 L 590.5 270 L 588.79 268.16 Z M 590.36 256.2 C 591.1 256.2 591.52 255.6 591.52 255.09 C 591.52 254.31 590.93 253.9 590.36 253.9 C 589.67 253.9 589.2 254.45 589.2 255.04 C 589.2 255.74 589.75 256.2 590.36 256.2 Z" fill="#da4026" stroke="none" pointer-events="all"/><rect x="566" y="234.5" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 567.78 266.69 C 566.94 266.69 566 265.92 566 264.87 L 566 250.56 C 566 249.54 566.92 248.85 567.79 248.85 L 568.32 248.85 L 568.32 243.72 C 568.32 239.36 571.95 234.5 578.01 234.5 C 583.03 234.5 587.3 238.91 587.3 243.71 L 587.3 248.85 L 587.81 248.85 C 588.79 248.85 589.62 249.62 589.62 250.54 L 589.62 250.67 C 586.73 251.01 584.65 253.36 584.49 256.07 C 584.39 258.25 585.42 260.21 587.31 261.31 L 587.31 266.69 Z M 584.52 248.85 L 584.52 243.77 C 584.52 240.83 582.03 237.25 577.88 237.25 C 573.87 237.25 571.09 240.51 571.09 243.76 L 571.09 248.85 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="230" y="412" width="160" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 437px; margin-left: 231px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>AES-256 GCM</b><br />Decrypt vault contents</div></div></div></foreignObject><text x="310" y="440" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">AES-256 GCM...</text></switch></g><rect x="430" y="520" width="170" height="70" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 163px; height: 1px; padding-top: 527px; margin-left: 437px;"><div style="box-sizing: border-box; font-size: 0px; text-align: left;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div align="left"><b>Password slot</b></div><div align="left"><span>- Encrypted master key</span></div><div align="left"><span>- Scrypt parameters</span></div><div align="left"><span>- Salt</span></div></div></div></div></foreignObject><text x="437" y="539" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px">Password slot...</text></switch></g><rect x="430" y="590" width="170" height="40" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe flex-start; width: 163px; height: 1px; padding-top: 597px; margin-left: 437px;"><div style="box-sizing: border-box; font-size: 0px; text-align: left;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><div align="left"><b>Biometric slot</b><br /></div><div align="left"><span>- Encrypted master key</span></div></div></div></div></foreignObject><text x="437" y="609" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px">Biometric slot...</text></switch></g><rect x="566" y="530" width="28.76" height="35.5" fill="none" stroke="none" pointer-events="all"/><path d="M 588.79 556.03 C 587.63 555.63 586 554.23 585.96 552 C 585.96 549.53 587.92 547.56 590.35 547.56 C 592.83 547.56 594.76 549.59 594.76 551.93 C 594.76 553.78 593.64 555.29 591.98 555.98 L 591.98 557.72 L 590.87 559.06 L 592.44 560.63 L 592.44 560.72 L 591.05 562.19 L 592.4 563.57 L 590.5 565.5 L 588.79 563.66 Z M 590.36 551.7 C 591.1 551.7 591.52 551.1 591.52 550.59 C 591.52 549.81 590.93 549.4 590.36 549.4 C 589.67 549.4 589.2 549.95 589.2 550.54 C 589.2 551.24 589.75 551.7 590.36 551.7 Z" fill="#2072b8" stroke="none" pointer-events="all"/><rect x="566" y="530" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 567.78 562.19 C 566.94 562.19 566 561.42 566 560.37 L 566 546.06 C 566 545.04 566.92 544.35 567.79 544.35 L 568.32 544.35 L 568.32 539.22 C 568.32 534.86 571.95 530 578.01 530 C 583.03 530 587.3 534.41 587.3 539.21 L 587.3 544.35 L 587.81 544.35 C 588.79 544.35 589.62 545.12 589.62 546.04 L 589.62 546.17 C 586.73 546.51 584.65 548.86 584.49 551.57 C 584.39 553.75 585.42 555.71 587.31 556.81 L 587.31 562.19 Z M 584.52 544.35 L 584.52 539.27 C 584.52 536.33 582.03 532.75 577.88 532.75 C 573.87 532.75 571.09 536.01 571.09 539.26 L 571.09 544.35 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="566" y="595" width="28.76" height="35.5" fill="none" stroke="none" pointer-events="all"/><path d="M 588.79 621.03 C 587.63 620.63 586 619.23 585.96 617 C 585.96 614.53 587.92 612.56 590.35 612.56 C 592.83 612.56 594.76 614.59 594.76 616.93 C 594.76 618.78 593.64 620.29 591.98 620.98 L 591.98 622.72 L 590.87 624.06 L 592.44 625.63 L 592.44 625.72 L 591.05 627.19 L 592.4 628.57 L 590.5 630.5 L 588.79 628.66 Z M 590.36 616.7 C 591.1 616.7 591.52 616.1 591.52 615.59 C 591.52 614.81 590.93 614.4 590.36 614.4 C 589.67 614.4 589.2 614.95 589.2 615.54 C 589.2 616.24 589.75 616.7 590.36 616.7 Z" fill="#da4026" stroke="none" pointer-events="all"/><rect x="566" y="595" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 567.78 627.19 C 566.94 627.19 566 626.42 566 625.37 L 566 611.06 C 566 610.04 566.92 609.35 567.79 609.35 L 568.32 609.35 L 568.32 604.22 C 568.32 599.86 571.95 595 578.01 595 C 583.03 595 587.3 599.41 587.3 604.21 L 587.3 609.35 L 587.81 609.35 C 588.79 609.35 589.62 610.12 589.62 611.04 L 589.62 611.17 C 586.73 611.51 584.65 613.86 584.49 616.57 C 584.39 618.75 585.42 620.71 587.31 621.81 L 587.31 627.19 Z M 584.52 609.35 L 584.52 604.27 C 584.52 601.33 582.03 597.75 577.88 597.75 C 573.87 597.75 571.09 601.01 571.09 604.26 L 571.09 609.35 Z" fill="#505050" stroke="none" pointer-events="all"/><rect x="25" y="410" width="150" height="49" rx="7.35" ry="7.35" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 435px; margin-left: 26px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><b>Vault</b><br />Locked</div></div></div></foreignObject><text x="100" y="438" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Vault...</text></switch></g><path d="M 175.31 436.5 L 223.63 436.5" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 228.88 436.5 L 221.88 440 L 223.63 436.5 L 221.88 433 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><rect x="145" y="421.5" width="24.31" height="30" fill="none" stroke="none" pointer-events="all"/><path d="M 164.26 443.49 C 163.28 443.16 161.9 441.98 161.87 440.09 C 161.87 438.01 163.53 436.34 165.58 436.34 C 167.68 436.34 169.31 438.06 169.31 440.03 C 169.31 441.6 168.37 442.87 166.96 443.45 L 166.96 444.92 L 166.02 446.06 L 167.35 447.39 L 167.35 447.46 L 166.17 448.71 L 167.31 449.87 L 165.71 451.5 L 164.26 449.95 Z M 165.59 439.84 C 166.22 439.84 166.57 439.33 166.57 438.9 C 166.57 438.24 166.07 437.9 165.59 437.9 C 165 437.9 164.61 438.36 164.61 438.86 C 164.61 439.45 165.07 439.84 165.59 439.84 Z" fill="#7fba42" stroke="none" pointer-events="all"/><rect x="145" y="421.5" width="0" height="0" fill="none" stroke="none" pointer-events="all"/><path d="M 146.5 448.7 C 145.8 448.7 145 448.05 145 447.16 L 145 435.07 C 145 434.21 145.78 433.63 146.51 433.63 L 146.96 433.63 L 146.96 429.29 C 146.96 425.61 150.03 421.5 155.15 421.5 C 159.39 421.5 163.01 425.23 163.01 429.28 L 163.01 433.63 L 163.43 433.63 C 164.26 433.63 164.96 434.28 164.96 435.06 L 164.96 435.17 C 162.52 435.46 160.77 437.44 160.63 439.73 C 160.54 441.57 161.41 443.23 163.01 444.16 L 163.01 448.7 Z M 160.66 433.63 L 160.66 429.33 C 160.66 426.85 158.55 423.83 155.04 423.83 C 151.65 423.83 149.31 426.58 149.31 429.33 L 149.31 433.63 Z" fill="#505050" stroke="none" pointer-events="all"/><path d="M 390 436.5 L 433.63 436.5" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 438.88 436.5 L 431.88 440 L 433.63 436.5 L 431.88 433 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><rect x="280" y="0" width="60" height="30" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 15px; margin-left: 281px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 10px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;"><font style="font-size: 20px"><b><u>Encryption</u></b></font></div></div></div></foreignObject><text x="310" y="18" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="10px" text-anchor="middle">Encryption</text></switch></g><rect x="280" y="350" width="60" height="30" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 365px; margin-left: 281px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 20px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; text-decoration: underline; white-space: normal; overflow-wrap: normal;"><div style="font-size: 20px">Decryption</div></div></div></div></foreignObject><text x="310" y="371" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="20px" text-anchor="middle" font-weight="bold" text-decoration="underline">Decryp...</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/vault.md b/docs/vault.md
index 50b42c22..a95be41f 100644
--- a/docs/vault.md
+++ b/docs/vault.md
@@ -1,8 +1,8 @@
 # Aegis Vault
 
-Aegis persists the user's tokens to a file. This file is referred to as the
-__vault__. Users can configure the app to store the vault in plain text or to
-encrypt it with a password.
+Aegis persists the user's token secrets and related information to a file. This
+file is referred to as the __vault__. Users can configure the app to store the
+vault in plain text or to encrypt it with a password.
 
 This document describes Aegis' security design and file format. It's split up
 into two parts. First, the cryptographic primitives and use of them for
@@ -22,22 +22,21 @@ Encryption with Associated Data (AEAD) cipher and a Key Derivation Function
 __AES-256__ in __GCM__ mode is used as the AEAD cipher to ensure the
 confidentiality, integrity and authenticity of the vault contents.
 
-It requires a unique 96-bit nonce for each invocation with the same key.
-However, it is not possible to use a monotically increasing counter for this in
-this case, because a future use case could involve using the vault on multiple
-devices simultaneously, which would almost certainly result in nonce reuse. This
-is suboptimal, because 96 bits is not large enough to comfortably generate an
-unlimited amount of random numbers without getting collisions at some point
-either. As a repeat of the nonce would have catastrophic consequences for the
-confidentiality and integrity of the ciphertext, NIST strongly recommends not
-exceeding 2<sup>32</sup> invocations when using random nonces with GCM. As such,
-the security of the Aegis vault also relies on the assumption that this limit is
-never exceeded. In the case of Aegis, this is a reasonable assumption to make,
-as it's highly unlikely that a user will ever come close to saving the vault
-2<sup>32</sup> times.
+This cipher requires a unique 96-bit nonce for each invocation with the same
+key. This is not ideal, because 96 bits is not large enough to comfortably
+generate an unlimited amount of random numbers without getting collisions at
+some point. It is not possible to use a monotonically increasing counter in this
+case, because a future use case could involve using the vault on multiple
+devices simultaneously, which would almost certainly result in nonce reuse. As a
+repeat of the nonce would have catastrophic consequences for the confidentiality
+of the ciphertext, NIST strongly recommends not exceeding 2<sup>32</sup>
+invocations when using random nonces with GCM. As such, the security of the
+Aegis vault also relies on the assumption that this limit is never exceeded.
+This is a reasonable assumption to make, because it's highly unlikely that an
+Aegis user will ever come close to saving the vault 2<sup>32</sup> times.
 
 _Switching to a nonce misuse-resistant cipher like AES-GCM-SIV or a cipher with
-a larger (192 bits) nonce like XChaCha-Poly1305 will be explored in the future._
+a larger (192 bits) nonce like XChaCha-Poly1305 will be considered in the future._
 
 #### KDF
 
@@ -52,15 +51,13 @@ with the following parameters:
 
 These are the same parameters as Android itself uses to derive a key for
 full-disk encryption. Because of the memory limitations Android apps have, it's
-not possible to increase them without running into OOM conditions on most
-devices.
+not possible to increase these parameters without running into OOM conditions on
+most devices.
 
-_Argon2 is a more modern KDF that provides an advantage over scrypt because it
+_Argon2 is a more modern KDF that's a bit more flexible than scrypt, because it
 allows tweaking the memory-hardness parameter and CPU-hardness parameter
-separately, whereas scrypt ties those together into one cost parameter (N). As
-many applications have started using Argon2 in production, it seems that it has
-withstood the test of time. It will be considered as an alternative option to
-switch to in the future._
+separately, whereas scrypt ties those together into one cost parameter (N). It
+will be considered as an alternative option to switch to in the future._
 
 ### Encryption
 
@@ -70,8 +67,8 @@ __master key__.
 
 Aegis supports unlocking a vault with multiple different credentials. The main
 credential is a key derived from a user-provided password. In addition to that,
-users can also add a key backed by the Android KeyStore (authorized by
-biometrics) as a credential.
+users can also add a key backed by the Android KeyStore as a credential, which
+is only usable after biometrics authentication.
 
 #### Slots
 
@@ -92,8 +89,6 @@ the file is not.
 
 ### Overview
 
-An attempt was made to create a clear overview of the encryption system.
-
 ![](diagram.svg)
 
 ## Format
@@ -231,18 +226,23 @@ padding. The ``info`` object holds information specific to the OTP type. The
 
 There are a number of supported types:
 
-| Type                | ID      |
-| :------------------ | :------ |
-| TOTP  | "totp"  |
-| HOTP  | "hotp"  |
-| Steam               | "steam" |
+| Type                | ID       | Spec      |
+| :------------------ | :------- | :-------- |
+| HOTP                | "hotp"   | [RFC 4226](https://datatracker.ietf.org/doc/html/rfc4226)
+| TOTP                | "totp"   | [RFC 6238](https://datatracker.ietf.org/doc/html/rfc6238)
+| Steam               | "steam"  | N/A
+| Yandex              | "yandex" | N/A
 
 There is no specification available for Steam's OTP algorithm. It's essentially
-the same as TOTP, but it uses a different final encoding step. Aegis's
+the same as TOTP, but it uses a different final encoding step. Aegis'
 implementation of it can be found in
 [crypto/otp/OTP.java](https://github.com/beemdevelopment/Aegis/blob/master/app/src/main/java/com/beemdevelopment/aegis/crypto/otp/OTP.java).
 
-The following algorithms are supported for all OTP types:
+There is also no specification available for Yandex's OTP algorithm. Aegis'
+implementation can be found in
+[crypto/otp/YAOTP.java](https://github.com/beemdevelopment/Aegis/blob/master/app/src/main/java/com/beemdevelopment/aegis/crypto/otp/YAOTP.java)
+
+The following algorithms are supported for HOTP and TOTP:
 
 | Algorithm | ID       |
 | :-------- | :------- |
@@ -250,6 +250,8 @@ The following algorithms are supported for all OTP types:
 | SHA-256   | "SHA256" |
 | SHA-512   | "SHA512" |
 
+For Steam, only SHA-1 is supported. For Yandex, only SHA-256 is supported.
+
 Example of a TOTP entry:
 
 ```json