Ask HN: Long-term recoverable digital vault without a master key?

The goal is a vault that can be recovered 10+ years later without writing down or backing up any master password. The only dependency should be stable long-term human memory.

The approach:

Instead of storing a password, the final encryption key is derived from multiple personal answers in sequence using Argon2.

k0 = seed

k1 = Argon2(answer1, salt = k0)

k2 = Argon2(answer2, salt = k1)

...

kn = Argon2(answern, salt = kn-1)

Final key = kn.

Properties:

No concatenation of answers

No static master password

Each step depends strictly on the previous

Memory-hard derivation (Argon2 at every step)

Brute forcing cannot be parallelized across answers

The vault is structured as nested encrypted layers. Each layer contains the next question and the next encrypted payload. You must answer each question correctly to decrypt the next layer. The file never stores the master key — only encrypted guidance for reconstructing it.

There’s a working prototype. Deterministic reconstruction works as long as the answers and seed remain unchanged.

My open architectural question is about the root seed (k0).

Right now k0 is derived from the container hash. But it could be any deterministic reproducible value.

What would be a robust long-term root of trust for a system that must remain recoverable after 10+ years without storing secrets?

Constraints:

Must be reproducible

Must not depend on external services

Must not introduce a new single point of failure

Must remain stable over a decade

Is using a file hash reasonable? Should k0 be user-derived? Should it be fixed and public?

More fundamentally: is relying on long-term human memory as a cryptographic reconstruction mechanism inherently flawed?

I’d especially appreciate critique around entropy assumptions, threat models, and long-term survivability risks.