diff --git a/book/source/11-decryption.md b/book/source/11-decryption.md index a14b3df..778c19a 100644 --- a/book/source/11-decryption.md +++ b/book/source/11-decryption.md @@ -55,7 +55,11 @@ Decrypting the session-key from a version 4 SKESK packet. ``` With version 4 SKESK packets, which are only used with version 1 SEIPD packets, the *session-key* is used as *message-key* without an intermediate derivation. -The symmetric cipher algorithm tag of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. +When the direct method is used, meaning no encrypted session-key was contained in the SKESK packet, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. + +Otherwise, the cipher algorithm ID to decrypt the SEIPD packet was prefixed to the decrypted session key. + +Sanitizing this first byte acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check). ### SKESK v6 @@ -186,6 +190,7 @@ Legacy mode, may be decrypted, but not produced. ## Advanced topics +(decryption_seipd_quick_check)= ### Verify successful session-key decryption SEIPDv1 packets might make use of a "quick check" mechanism to quickly verify that the correct session key was used without the need to decrypt the whole SEIPD packet.
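Review bot: In the first hunk, the added sentence "Sanitizing this first byte acts as a very early quick check" uses the wrong verb. Sanitizing implies modifying the value, while the sentence describes verifying it. Suggest wording along the lines of "Checking that this first byte is a known symmetric cipher algorithm ID acts as a very early quick check that the passphrase was correct", so that the reader knows what the check compares against. Two smaller points in the same added lines: "was prefixed to the decrypted session key" would read better in the present tense ("is prefixed to"), matching "dictates" in the sentence before it, and "session key" should be hyphenated as "session-key" to agree with the rest of the hunk.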