removed IDToken encrption

src/lib/crypto.ts

@@ -20,12 +20,11 @@ import { getSodium } from '../utils/sodium'
  */
 export async function deriveSecretKey(
   firebaseUID: string,
-  firebaseIDToken: string,
   salt: string
 ): Promise<Uint8Array> {
   // Use native Web Crypto API for key derivation (PBKDF2)
-  // This is more reliable than libsodium's Argon2i
-  const password = `${firebaseUID}:${firebaseIDToken}`
+  // Derives from UID only — stable across sessions
+  const password = firebaseUID
   const encoding = new TextEncoder()
   const passwordBuffer = encoding.encode(password)
   const saltBuffer = encoding.encode(salt)