Jade's decryption is odd to me. When I save a customer's password in the database, we don't need to decrypt it to give them access to their account. The login process takes their password value, encrypts it, and checks it against our database copy of their encrypted password to verify they match without a decrypt process, and through a match, they log in. The fact that the seed itself is able to be decrypted tells me that they are using non-SHA256 encryption, and that their oracle server can potentially be holding those keys that are "decryptable" at their convenience. If they aren't using SHA256 encryption universally, which is incapable of being decrypted, is there good reason to believe they would only be able/willing to decrypt part of your credentials?
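
The login check the post describes, next to the storage of a secret that has to be read back, as an added example that is not part of the original post: a password only needs to be compared, so a salted one-way digest is enough, while a seed must be recovered to sign, so it is sealed under a key derived from the PIN. The function names, the iteration count and the HMAC-based stream cipher (a stand-in for a real AEAD) are assumptions of this example and do not describe Jade's design.

```python
import hashlib, hmac, secrets
from typing import Optional

ITERATIONS = 200_000  # constructed work factor for this example

def enroll(password: str) -> dict:
    """Keep only a salted, slow, one-way digest; the password is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}

def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the attempt and compare in constant time; nothing is decrypted."""
    cand = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(cand, record["digest"])

def _keys(pin: str, salt: bytes):
    """Derive separate encryption and MAC keys from the PIN."""
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher)."""
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(seed: bytes, pin: str) -> dict:
    """Encrypt-then-MAC the seed; only holders of the PIN-derived key can reverse it."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(pin, salt)
    ct = _xor_stream(enc_key, nonce, seed)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(blob: dict, pin: str) -> Optional[bytes]:
    """Return the seed for the right PIN, None when the tag does not verify."""
    enc_key, mac_key = _keys(pin, blob["salt"])
    want = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob["tag"]):
        return None
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])
```

What matters for the stored blob is who can derive the key, which is a separate question from whether the operation is reversible.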