diff --git a/source/security/architecture.rst b/source/security/architecture.rst index 312fdfb..b225635 100644 --- a/source/security/architecture.rst +++ b/source/security/architecture.rst @@ -59,7 +59,7 @@ When opening a vault, the following steps have to be followed: #. Decode ``vault.cryptomator`` without verification. #. Read ``kid`` header and, depending on its value, retrieve the masterkey from the specified location. -#. Verify the JWT signature using the masterkey. +#. Verify the JWT signature using the concatenation of encryption masterkey and MAC masterkey. #. Make sure ``format`` and ``cipherCombo`` are supported. @@ -125,7 +125,7 @@ The JWE's decrypted payload holds a single value, which can then be consumed by Masterkey File ^^^^^^^^^^^^^^ -Alternatively, for normal password-protected vaults, Cryptomator will derive a :abbr:`KEK (Key-encryption key)` via `scrypt `_, encrypt the masterkeys using `AES Key Wrap (RFC 3394) `_, +Alternatively, for normal password-protected vaults, Cryptomator will derive a 32byte long :abbr:`KEK (Key-encryption key)` via `scrypt `_ (non-parallel), encrypt both masterkeys using `AES Key Wrap (RFC 3394) `_, and store the results together with the key derivation parameters in a JSON file: .. code-block:: console @@ -160,4 +160,4 @@ When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored maste .. image:: ../img/security/masterkey-decryption@2x.png :alt: Masterkey Decryption :width: 440px - :align: center \ No newline at end of file + :align: center diff --git a/source/security/vault.rst b/source/security/vault.rst index 32e7cfb..026f38b 100644 --- a/source/security/vault.rst +++ b/source/security/vault.rst 
@@ -56,7 +56,7 @@ The payload of the last chunk may be smaller than 32 KiB. cleartextChunks[] := split(cleartext, 32KiB) for (int i = 0; i < length(cleartextChunks); i++) { chunkNonce := createRandomBytes(12) - aad := [bigEndian(i), headerNonce] + aad := bigEndian(i) . headerNonce ciphertextPayload, tag := aesGcm(cleartextChunks[i], contentKey, chunkNonce, aad) ciphertextChunks[i] := chunkNonce . ciphertextPayload . tag }
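Review bot: in the architecture.rst hunk at `@@ -59,7`, the new step "Verify the JWT signature using the concatenation of encryption masterkey and MAC masterkey" leaves the concatenation order unstated, and an HMAC keyed with the two keys in the opposite order will not verify against the same signature. Spell out the order, for example "the encryption masterkey followed by the MAC masterkey", so that independent implementations produce interoperable vault files.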
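Review bot: in the architecture.rst hunk at `@@ -125,7`, "32byte long" should read "32-byte" (or "32 bytes long"), and the parenthetical "(non-parallel)" is ambiguous on its own; since the sentence already promises that the key derivation parameters are stored in the JSON file, name the scrypt parameter it refers to (the parallelization parameter being fixed to one) so a reader can match it against the stored parameters. The wording "encrypt both masterkeys" is a good clarification, but consider saying that each masterkey is wrapped separately with the same KEK if that is what the implementation does, because "encrypt both" could also be read as a single wrap over the concatenation.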
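Review bot: in the vault.rst hunk at `@@ -56,7`, replacing the list `[bigEndian(i), headerNonce]` with the concatenation `bigEndian(i) . headerNonce` correctly matches the `.` concatenation used on the `ciphertextChunks[i]` line below, but the byte width of `bigEndian(i)` is still unspecified; AES-GCM authentication fails unless the AAD is byte-identical on both sides, so state the fixed integer width next to the definition (or reference where the chunk-number encoding is defined) rather than leaving it implicit.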