Experiences memorising cryptographic-strength secrets
by Stephen Hewitt | Published | Last updated
This article reports experiences memorising secrets strong enough to be cryptographic keys, meaning those with 128 bits of entropy.
A general system for memorising these was described in the 2018 article [KEY]. In summary the key is represented by a list of words which is memorised by well-known mnemonic techniques such as the method of loci. The system provides some choice in the words, which helps with creating mental associations.
The original article introduced a system with a 16-word list but since then I have memorised 128-bit secrets more quickly than ever by using systems with a 12-word list, which consequently I now prefer. However the change from a 16-word system to a 12-word one cannot account for all the increase in speed.
Using a 12-word system, it now takes me about half an hour or so to create a mnemonic association to each word along a familiar route. After this the memorisation requires very little more work. It turns out that the initial creative effort usually keeps it fresh in my memory for a few days or longer but what is essential is regular recall, although with decreasing frequency over time.
Recall takes less than a minute. It means mentally making the journey and remembering each word at its associated place along the way. I count these off on my fingers, in groups of four. Counting is essential because missing out a word is my most common mistake. There is no need to say the words out loud. After the first few days in general I don't need to check against any record. When I feel that I do (which does sometimes happen), then it usually means I have left the recall too long.
For the purposes of experimenting with memorisation of strong secrets like this I use a simple way of checking whether I have remembered the mnemonic correctly. It involves a computer and a cryptographic hash. I type in my mnemonic and I learn only whether my entry as correct or not. If it was not, I learn nothing except that I was wrong. I will call this testing myself.
When I recall a secret often enough it is easy and quick and I am sure it is correct. If I start to neglect it then recall becomes hard work because I have to strain to find the words and doubts start to creep in.
As an example, a 12-word mnemonic for a new key I memorised on 20 January 2025 involved the following work:
- An initial 18 minutes to create an association along the walk for every word.
- An attempt to recall a minute later. In this case I found that I could remember only 11 out of the 12 words and after struggling I looked at the list to get the missing one.
- Ten minutes after the first recall, I tested myself as described above and got it right first time. After this I was confident enough to leave further recalls until later that day. This, however is one of the shortest times in which I have reached this stage.
- One or two mental recalls in bed that night and the next day.
- A mental recall at least once a day for the next six days.
Before the end of these six days I was confident and could remember the phrase without doubt, meaning each time I recalled it I knew it was correct. What I cannot yet quantify so precisely is how often recall is needed after the initial week or two or even how often I have actually done it.
It took an initial 48 minutes to create the associations for a second 12-word mnemonic that I generated six days after this one. After that the recalling of the second one was similar.
What I can say is that on 20 June 2025 - five months after creating them - I tested myself on both these mnemonics and got them both correct first time, despite having some doubts about one or two of the words in both of them.
BIP39 and an example of a 12-word memory walk
BIP39 is a mnemonic system from the world of crypto currencies (BIP is Bitcoin Improvement Protocol). In June 2022 I decided to memorise a 12-word BIP39 phrase with the intention of being able to report that memorisation was harder than with the 16-word system I had presented in [KEY]. To my surprise I was easily able to remember the BIP39 phrase after taking only about 20 minutes to create the associations, the fastest I had ever achieved this.
Unfortunately I don't have a detailed record of how often I subsequently recalled it nor whether I ever had to remind myself of it. In October 2022 I wrote that I tested myself and got it right first time but I was not sure how often I had mentally recalled it since creating it in June, but it had not been very often in the last few months.
The next written record I have is from April 2025 when I tested myself and noted that I got it right first time. This means it had stayed in my head for nearly 3 years (and now has stayed more than three years) with only occasional sporadic recalls.
The surprise was because BIP39 has some points that are sub-optimal for memorisation.
- Its 12-word phrases include a 4-bit checksum which means that when you use it to memorise 128 bits you are doing an unnecessary extra 4 bits worth of memorisation work.
- It has a fixed vocabulary of 2048 words and no choice of word to use for a given value.
- Although the preferred BIP39 English word list does include many good words, it also includes words that are poor from the point of view of constructing mnemonics and making mental associations. Some words are even what linguists call function words, without any semantic content (eg “because”). It has “into” and other prepositions, numbers (eg “twenty”), “this”, “that” and other words with which it would be hard to make mental associations.
- Although its document says that an ideal word list has “similar words avoided”, the English word list contains for example both “true” and “truly”.
This good experience, despite the drawbacks of BIP39 as a memorisation system, was the motivation to develop a new 12-word system, which I subsequently used for the 12-word memorisations reported above. The new 12-word system is a work in progress, that will be the subject of a future article.
To present another example of how to use the method of loci in a memorable walk, in addition to the examples in [KEY], the BP39 word list was: “together claw tobacco safe review fire address garbage mirror secret dilemma arm”.
The method of loci, with associations along a journey, is the same regardless of the system used to generate the word list and can be illustrated with this word list even if BIP39 is not the ideal system. The memory walk associations that I created to remember this are below, with the mnemonic words in capitals.
An important point to understand is that the walk and the locations on it are real and familiar. They have to be real and familiar if they are to help with memorisation. Another example of a walk was given in [PW] where this fact was perhaps more self-evident because it was a walk through the publicly-known, real centre of Cambridge, whereas the following is a walk in the countryside that I could have invented. But the point is not to invent an imaginary landscape, but to use something with which you are already effortlessly familiar.
However it is possible to add some fictional construction, for example events that might happen but actually have not, into the real locations. So in this example, I have never bought a newspaper and read a review in it in the cafe, but the places where I might have done are very real and I can picture them clearly.
The walk in this case is to walk dogs with someone I know starting from their house. I can say therefore that we are going TOGETHER. As we walk down the drive away from the house I look back to see the cat who wants to come with us (real) but cannot be trusted on the road. The cat is therefore shut in (this is real) and is CLAWing (fictional) the glass porch door attempting to follow us. We pass a sort of general store (real) where they might sell TOBACCO. Next we pass the post office (real) where they probably have a SAFE for the money they handle. We reach a beach cafe (real) and stop for a coffee while I read a REVIEW in a newspaper I have just bought at the general store. We continue along the beach where there are people with portable barbecues, meaning FIRE. At the next exit from the beach, there is post box (real) where I could post a letter to an ADDRESS. Just past this are some public litter bins (real) which contain GARBAGE. A little further up the road is a car park (real) and the parked cars have MIRRORs. Walking back up towards the house, there is a SECRET about which I am not going to say more. Back at the house, there is the choice (real) of going in through the front or through the back garden, which is a DILEMMA. Going round the back, as I do, means putting my ARM through an opening (real) in the gate to slide the bolt on the other side.
Unexpected discoveries from experience
By periodically taking a minute to mentally recall the word list, entirely in my head, I can keep it fresh indefinitely without using it.
This means that for some applications I can memorise a strong secret in advance of needing it so that I have one ready to use that I already know I won't forget.
When I have some doubt about a word, and I think there are several possibilities, even my slightest intuition about which one is the correct one very often turns out to be correct. An example of the sort of thing is for example in the BIP39 mnemonic above I have more than once wondered whether “garbage” might be “trash” but opted on intuition for the correct one.
Once I have memorised a secret long term, meaning for several weeks or months, it seems that I don't need to recall it very often in order to remember it indefinitely. As noted above, I cannot yet quantify what the minimum frequency of recall would have to be. I could say once a month is enough, but there is no doubt that I have gone much longer than that and still been able to recall some secrets. This is perhaps the most unexpected discovery of all.