What rubbish is this?

Does the author not understand entropy or probability?

Deriving an RSA key from the product of two memorizable numbers makes it brute-force-able, and sends us back to 1990s export controlled encryption strength.

Tattoo-ing a key on one’s arm (however ridiculous) would be better than the methods here.

In case one not digging into the source code, the key stretching here is PBKDF2-HMAC-SHA512 with 400,000 iterations (OWASP recommended 210,000).

The reason for not using Argon2 or scrypt is because PBKDF2 is native provide by Webcrypto yet FIPS-140 compliance.