Security deep dive: How the 0nVault container encryption works

I spent some time reviewing the vault encryption implementation. Here's a technical breakdown for anyone interested: **Encryption layers:** - **Outer layer**: AES-256-GCM with PBKDF2-SHA512 derived key (100K iterations) - **Credential layer**: Additional Argon2id encryption for sensitive data - **Container format**: Ed25519 signed binary (.0nv) **What makes it interesting:** - Hardware fingerprint binding — vault won't decrypt on a different machine - 7 semantic layers with independent access control - Multi-party escrow using X25519 ECDH (up to 8 parties) - Seal of Truth: SHA3-256 content-addressed integrity verification **The patent-pending part** (US #63/990,046) is the layer architecture. Each layer can have different encryption parameters and access policies. From a security perspective, this is solid engineering. Happy to answer questions about the crypto implementation.