Identity And Data Security For Web Development

Jonathan Leblanc download

https://ebookbell.com/product/identity-and-data-security-for-web-
development-jonathan-leblanc-5905594

Explore and download more ebooks at ebookbell.com

Here are some recommended products that we believe you will be
interested in. You can click the link to download.

Identity And Data Security For Web Development Best Practices Jonathan
Leblanc

https://ebookbell.com/product/identity-and-data-security-for-web-
development-best-practices-jonathan-leblanc-5471604

Access Contested Security Identity And Resistance In Asian Cyberspace

Ronald Deibert

https://ebookbell.com/product/access-contested-security-identity-and-
resistance-in-asian-cyberspace-ronald-deibert-5075594

Cybersecurity Protecting Your Identity And Data Marylane Kamberg

https://ebookbell.com/product/cybersecurity-protecting-your-identity-
and-data-marylane-kamberg-48952404

Trusted Data A New Framework For Identity And Data Sharing Revised And
Expanded Edition Revised And Expanded Thomas Hardjono Editor

https://ebookbell.com/product/trusted-data-a-new-framework-for-
identity-and-data-sharing-revised-and-expanded-edition-revised-and-
expanded-thomas-hardjono-editor-36341478
Mastering Identity And Access Management With Microsoft Azure Empower
Users By Managing And Protecting Identities And Data 2nd Edition
Jochen Nickel

https://ebookbell.com/product/mastering-identity-and-access-
management-with-microsoft-azure-empower-users-by-managing-and-
protecting-identities-and-data-2nd-edition-jochen-nickel-22657756

Privacy And Identity Management Fairness Accountability And

Transparency In The Age Of Big Data 13th Ifip Wg 92 96117 116sig 922
International Summer School Vienna Austria August 2024 2018 Revised
Selected Papers 1st Ed Eleni Kosta
https://ebookbell.com/product/privacy-and-identity-management-
fairness-accountability-and-transparency-in-the-age-of-big-data-13th-
ifip-wg-92-96117-116sig-922-international-summer-school-vienna-
austria-august-2024-2018-revised-selected-papers-1st-ed-eleni-
kosta-10487268

Marketing To The 90s Generation Global Data On Society Consumption And

Identity Anders Parment Auth

https://ebookbell.com/product/marketing-to-the-90s-generation-global-
data-on-society-consumption-and-identity-anders-parment-auth-5380776

The Druze In The Middle East Their Faith Leadership Identity And
Status Nissim Dana

https://ebookbell.com/product/the-druze-in-the-middle-east-their-
faith-leadership-identity-and-status-nissim-dana-11371608

Little Vast Rooms Of Undoing Exploring Identity And Embodiment Through

Public Toilet Spaces Dara Blumenthal

https://ebookbell.com/product/little-vast-rooms-of-undoing-exploring-
identity-and-embodiment-through-public-toilet-spaces-dara-
blumenthal-5238944
Identity and Data Security for Web
Development
Best Practices

Jonathan LeBlanc and Tim Messerschmidt

Beijing Boston Farnham Sebastopol Tokyo

Identity and Data Security for Web Development
by Jonathan LeBlanc and Tim Messerschmidt
Copyright © 2016 Jonathan LeBlanc, Tim Messerschmidt. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc. , 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are
also available for most titles ( http://safaribooksonline.com ). For more information, contact our corporate/
institutional sales department: 800-998-9938 or [email protected] .

Editor: Meg Foley Indexer: FILL IN INDEXER

Production Editor: FILL IN PRODUCTION EDI‐ Interior Designer: David Futato
TOR Cover Designer: Karen Montgomery
Copyeditor: FILL IN COPYEDITOR Illustrator: Rebecca Demarest
Proofreader: FILL IN PROOFREADER

January -4712: First Edition

Revision History for the First Edition

2016-04-01: First Early Release
2016-04-08: Second Early Release

See http://oreilly.com/catalog/errata.csp?isbn=9781491936948 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Identity and Data Security for Web
Development, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.
While the publisher and the author(s) have used good faith efforts to ensure that the information and
instructions contained in this work are accurate, the publisher and the author(s) disclaim all responsibil‐
ity for errors or omissions, including without limitation responsibility for damages resulting from the use
of or reliance on this work. Use of the information and instructions contained in this work is at your own
risk. If any code samples or other technology this work contains or describes is subject to open source
licenses or the intellectual property rights of others, it is your responsibility to ensure that your use
thereof complies with such licenses and/or rights.

978-1-491-93694-8
[FILL IN]
 Table of Contents

Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
The problems with current security models 1
Poor Password Choices 2
Security Over Usability 3
Improper Data Encryption 4
The weakest link: human beings 5
Single sign-on 6
Understanding Entropy in Password Security 7
Entropy in Randomly Selected Passwords 7
Entropy in Human Selected Passwords 9
Breaking Down System Usage of a Username and Password 11
Securing our current standards for identity 11
Good and bad security algorithms 12
What data should be protected? 13
Account Recovery Mechanisms & Social Engineering 13
The Problem with Security Questions 14
Next up 15

2. Password Encryption, Hashing, and Salting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Data at Rest vs Data in Motion 17
Data at Rest 17
Data in Motion 19
Password Attack Vectors 19
Brute Force Attack 21
Creating a CAPTCHA with reCAPTCHA 22
Dictionary Attacks 28

iii
 Reverse Lookup Tables 29
Rainbow Tables 30
Salting 32
Generating a Random Salt 32
Salt Reuse 33
Salt Length 33
Where to Store the Salt 34
Peppering 34
Choosing the Right Password Hashing Function 35
bcrypt 36
PBKDF2 37
scrypt 38
Validating a Password Against a Hashed Value 39
Key Stretching 41
Recomputing Hashes 41
Next Steps 42

3. Identity Security Fundamentals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Understanding the concept of various identity types 43
Social Identity 44
Concrete Identity 45
Thin Identity 45
Enhancing user experience by utilizing identity 46
Introducing the concept of Trust Zones 46
Browser Fingerprinting 48
Configurations More Resistant to Browser Fingerprinting 49
Identifiable Browser Information 49
Capturing Browser Details 50
Location Based Tracking 52
Device Fingerprinting (Phone / Tablet) 54
Device Fingerprinting (Bluetooth Paired Devices) 55
Implementing Identity 56

4. Securing the Login with OAuth 2 and OpenID Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . 57

The difference between authentication and authorization 57
Authentication 57
Authorization 58
What is OAuth and OpenID Connect? 58
Introducing OAuth 2.0 61
Handling authorization with OAuth 2.0 63
Using the Bearer Token 65
Authorization and authentication with OpenID Connect 66

iv | Table of Contents
 Security considerations between OAuth 2 and OAuth 1.0a 67
Building an OAuth 2.0 server 68
Creating the Express application 68
Setting up our server’s database 69
Generating Authorization Codes and tokens 69
The Authorization Endpoint 72
Handling a token’s lifetime 75
Handling Resource Requests 78
Using Refresh Tokens 81
Handling errors 82
Adding OpenID Connect functionality to the server 86
The ID Token Schema 87
Modifying the Authorization Endpoint 88
Adjusting the Token Endpoint 89
The UserInfo Endpoint 91
Session Management with OpenID Connect 91
Building an OAuth 2 Client 91
Using Authorization Codes 92
Authorization using Resource Owner Credentials or Client Credentials 95
Adding OpenID Connect functionality to the client 96
The OpenID Connect Basic flow 97
Beyond OAuth 2.0 and OpenID Connect 98

5. Alternate methods of identification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Device and browser fingerprinting 101
2-factor authentication and n-factor authentication 102
n-factor authentication 103
One-Time Passwords 103
Implementing two-factor authentication with Authy 107
Biometrics as username instead of password 113
How to rate biometric effectiveness 114
Face recognition 114
Retina and Iris scanning 115
Vein recognition 116
Upcoming standards 116
FIDO Alliance 116
Oz 118
The Blockchain 119

6. Hardening Web Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Securing sessions 121
Different types of sessions 122

Table of Contents | v
 How Express handles sessions 123
Handling XSS 127
The Three Types of XSS Attacks 127
Testing XSS Protection Mechanisms 127
Conclusion 132
CSRF attacks 132
Handling CSRF with csurf 133
Valuable resources for Node 134
Lusca 134
helmet 135
Node Security Project 135
Other mitigation techniques 136
Our findings 137

7. Data Transmission Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

SSL/TLS 139
Certificate Validation Types and Authorities 140
Creating your own Self-Signed Certificate for Testing 143
Asyncronous Cryptography 151
Use Case 151
Implementation Example 153
Advantages, Disadvantages, and Uses of Aynchronous Cryptography 160
Synchronous Cryptography 160
Initialization Vector 161
Padding 162
Block Cipher Modes of Operation 164
Using AES with CTR Encryption Mode 166
Using AES with with GCM Authenticated Encryption Mode 168
Advantages, Disadvantages, and Uses of Synchronous Cryptography 170

A. GitHub Repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

B. Technical Preconditions and Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

vi | Table of Contents
 Preface

“Companies Lose $400 Billion to Hackers Each Year”1

—Inc. Magazine

In a cybersecurity market report2, issued by Cybersecurity Ventures in Q4 of 2015,

they stated that cyber attacks are costing businesses between $400 - $500 billion a
year. In the same thread, IT security spending is due to increase by 4.7% in 2015 to
$75.4 billion USD, with an estimate that the world will spend upwards of $101 billion
in information security in 2018, and growing to $170 billion in 2020. Due to this, it’s
projected that there will be a cybersecurity workforce shortage of 1.5 million by 2019,
as demand is expected to rise 6 million people in 2019.
As web and application developers, designers, engineers, and creators, we are no
longer living in an age where we can offload the knowledge of identity and data secu‐
rity to someone else. In this age, a web developer can unwittingly open up a security
flaw on a site simply by not understanding how to properly obscure data in transmis‐
sion, a project manager can cause a major attack vector to open up in an application
by not understanding that previously secure password algorithms have been shown
to now include flaws, and not prioritize the work on rehashing the database of user
records. It is now the business of every person working on a system to take a part in
ensuring that your users and data are protected.
Despite these facts, it seems like every week we have new cases of companies, from
startups to massive corporations, losing privileged user information, credit card data,
medical records, and many other pieces of information that are entrusted to protect.
It comes to light that many of these same organizations never took the effort to
encrypt data properly, storing everything in plaintext, awaiting for some hacker to
abuse.

1 http://www.inc.com/will-yakowicz/cyberattacks-cost-companies-400-billion-each-year.html
2 http://cybersecurityventures.com/cybersecurity-market-report/

vii
The true problem is that hacking is no longer just the business of individuals wanting
to prove that they can breach a system, it is now a realm of organized businesses,
hacking for money or to damage the business.
This is where this text comes in. As we explore each chapter and concept, we will be
taking the approach of how to plug holes in existing systems, protect against viable
attack vectors, and how to work in environments that are sometimes naturally inse‐
cure. We’ll look at concepts such as:

• Understanding the state of web and application security, with concepts.

• Building security password encryption, and how to combat password attack vec‐
tors.
• Creating digital fingerprints to identify users, through browser, device, and
paired device detection.
• Building secure data transmission systems through OAuth and OpenID Connect.
• Using alternate methods of identification for a second factor of authentication.
• How to harden your web applications against attack.
• Creating a secure data transmission system using SSL/TLS, Synchronous and
Asynchronous cryptography.

In the end, we’ll have a comprehensive understanding of the current state of identity
and data security, knowing how to protect ourselves against potential attacks, and
protecting our users from having the data that they entrusted to us compromised.

Acknowledgments
First of all we would like to thank the O’Reilly crew for publishing this book and ena‐
bling us to share our knowledge, thoughts and opinion with many individuals around
the world. A huge special thanks goes out to our editor Meg Foley, who has been
patient, supportive and helpful throughout the process of finishing this work.
Our thanks also go out to both Lenny Markus, Allen Tom, and Aaron Parecki, who
patiently reviewed this book’s manuscript and helped to improve its quality tremen‐
dously.
We’d also like to thank our developer relations team for proof-reading, providing cri‐
tique and freeing us up to work on this book.
Finally, we’d like to express our gratitude to you, our readers, for buying this book.
We hope you enjoy it!

viii | Preface
Jonathan
I’d like to start out by thanking my partner in crime, Tim, for being an amazing co-
author to work with. Without our continued conversations, building up and breaking
down all of our ideas into new amazing hybrids of their original selves, this book
wouldn’t have been what it is today. Your ideas, drive, and humor made this one of
my favorite experiences.
To my wife Heather, you’ve helped to keep me sane when I decided to write my first
book almost 5 years ago. Despite the fact that I forgot how much time away that took,
you stood by me when I decided to write another one. Without you, I could not have
kept my sanity and drive throughout this process. You have always been by my side to
encourage me to chase my dreams. You’ve been my biggest advocate through all of
this, and I love you for that.
To my daughter Scarlett, throughout the time that I have had to pleasure to be your
father, you have brought a calming effect into my life. With constant chaos, you have
allowed me to see that the world doesn’t have to be as serious as I used to think it was.
You’ve brought a peace into my life that I will always thank you for.
To my group, my friends. We may all go our separate ways, be split through compa‐
nies and across the world, but I will always see you as some of my closest friends. We
have been through so much together, and have sacrificed a lot. Despite all that, you
have been our supporters through everything we have gone through, boosting us up,
allowing us to succeed. Thank you.

Tim
I’d like to thank Jonathan, who’s not only been a fantastic colleague and friend, but
also a great co-author on this book. It was brilliant to be able to bounce ideas and
thoughts back and forth and I am positive that the book would have been far less
interesting without your influence, support and work.
My wife, Karin, deserves a huge thank you - and probably an even bigger bouquet of
flowers - for granting me all the time I needed in order to finish my work on this
book.
Joe Nash, Alan Wong, Steven Cooper and Cristiano Betta have been a fantastic team
throughout the time of authoring this book and deserve to be mentioned here.
I am grateful for everyone that encouraged me to write this piece and saw me ram‐
bling about security concepts and usability concepts on various stages.
A special mention goes to Danese Cooper, PayPal’s Head of Open Source, who highly
animated me to write down my thoughts beyond blog posts.

Preface | ix
Finally, I would like to thank both John Lunn and Taylor Nguyen, who supported me
tremendously in writing this book and gave me support and advice throughout my
career.

x | Preface
 CHAPTER 1
Introduction

Jonathan LeBlanc and Tim Messerschmidt

One of the most important investments that you can make in a system, company, or
application, is in your security and identity infrastructures. We can’t go a week
without hearing about another user customer breach, stolen credit cards, or identity
theft. Even though you can put an entire series of hurdles in the way of a potential
attacker, there will always exist a possibility that your databases will be breached,
information will be stolen, and an attacker will begin attempting to crack the sensitive
data that was stored (if encrypted).
There is no bulletproof, secure method for protecting your data, identity and data
security has always been about mitigating risk, protecting the secure data, and buying
yourself enough time to take action and reduce damage if something like this should
ever happen to you.
As we dive down into the concepts, technology, and programming methodologies
behind building a secure interface for data and identity. We’re explore the decisions,
tradeoffs, and core concepts that you will need to understand as you embark on mak‐
ing those final decisions about your security.
As we begin, the best place to start is in exploring what the major problems with data
security and identity are in the industry right now.

The problems with current security models

The current state of industry security is not one in which the technology can’t keep
up with the potential attack vectors, it’s one in which development choices lead us
down a path of weak systems. One of the biggest mistakes that many of us tend to
make is to assume that a user will understand how to protect their own accounts,
such as with strong password choices or two-factor authentication, or even if they do,

1
that they wouldn’t pick the most usable choice over the easiest one. We, as developers,
have to protect our users in the same way that we try to protect our systems, and we
must assume that the user will not do that for themselves.
What this means is that we have to purge a few misconceptions from our heads:

• The user will always use the most secure options: The simple fact is that the
worst thing you can rely on is that the user will be capable, or willing, to use the
option that will secure them and their data. The onus has to be on the site or ser‐
vice owner to ensure that data provided by the user for their security (such as a
password) is hardened to ensure that minimum levels of security are imposed
(see more about data encryption and security in Chapter 2). For instance, when
two-factor authentication services are offered, a typical adoption rate is approxi‐
mately between 5-10% of users.
• We should always make systems more secure, at the cost of usability: This is
typically one of the reactions to the last point, to make a system as secure as pos‐
sible, at the cost of usability of the system for the user. This is simply not the case,
there are numerous mechanisms that can be put in place to enhance security
without drastically affecting the user. We’ll explore this further below.
• Our security will never be breached: From startups to large companies, many
engineers have put too much faith in the security of their systems. What this has
lead to is lax data encryption standards, meaning that personal and privileged
information, such as credit card data, home addresses, etc, are stored as cleartext,
data that is not encrypted in any way. When the system is breached, hackers have
to put in no effort to capture and use that data.

Always assume your data will be stolen and use proper data encryption
In June, 2015, a massive breach of US government data was said to
expose the personal information on millions of government work‐
ers, since the data itself was not encrypted (source: Computer
World). No matter how big you are, you should always assume that
the possibility exists that your database security will be breached,
and data stolen. All sensitive information should always be prop‐
erly encrypted.

Let’s drill down into some of these issues a bit further to see the cause and effect of the
choices we make as users and developers.

Poor Password Choices

As we stated above, users are notorious for choosing highly unsecure passwords for
their accounts. To expand on that proof point, let’s look at the top passwords of 2015,

2 | Chapter 1: Introduction
compiled by SplashData from files containing millions of stolen passwords that have
been posted online during the previous year.

Table 1-1. Most popular passwords of 2015

1: 123456 6: 123456789 11: welcome 16: dragon 21: princess
2: password 7: football 12: 1234567890 17: master 22: qwertyuiop
3: 12345678 8: 1234 13: abc123 18: monkey 23: solo
4: qwerty 9: 1234567 14: 111111 19: letmein 24: passw0rd
5: 12345 10: baseball 15: 1qaz2wsx 20: login 25: starwars

Before we get too far up in arms about people choosing these passwords, there are
many issues with the data sets that we need to be aware of:

• Since most of this data comes from information leaks, it could be that these pass‐
words are just easier to crack through dictionary or brute force attacks.
• We don’t know the sources of much of this data, so we can’t validate the security
measures in place on the sites or services.
• The data may contain anomalies, or simply bad data. If a default password is
being set by a service with a lot of leaked data (and never changed), it will push it
higher. If we are analyzing data from multiple different sources using informa‐
tion that was poorly parsed, or has those anomalies, the list will be skewed.

With that said, even though those passwords may be a smaller number than the lists
purport them to be, and the data may be highly skewed, they still exist. What this
means, when building a data and identity security system, is that you have to provide
an adequate level of protection for these people. Typically, you want to build for the
weakest possible authentication system, which, depending on your security require‐
ments, might be comprised of this list.
In many ways this is because of what we expect of people when they are creating a
password: provide a password with mixed case, at least one symbol & number, noth‐
ing recognizable in a dictionary or guessable from those who know you. These types
of expectations create poor usability for the user, where they won’t be able to remem‐
ber the password, and also ensures that they either pick the easiest way they can to
enter the site, or write down that complex password on a post-it note on their display.
Usability needs to be a part of identity security for it to be effective.

Security Over Usability

Favor security too much over the experience and you’ll make the website a pain to use.
—Anthony T, Founder

The problems with current security models | 3

Your main objective when handling the data and identity of your users is to ensure
their security, but at the same time you don’t want to alienate your entire user base by
making your sign-in forms complex, or by forcing a multi-screen, manual checkout
process for purchasing goods, or by continually challenging the user for identification
details as they are trying to use your service. Those are sure-fire ways of ensuring that
your users never return.

Main reasons for shopping cart abandonment included the user

being uncomfortable with the buying process (it was too complex /
lengthy), or they were forced to sign up before purchasing. Many of
these concerns can be solved through the usability considerations,
such as a single page checkout, and allowing a simplified guest
checkout.

The concept of usability versus security is always a balancing act. You need to ensure
that you have a high enough confidence in the security of your users, and at the same
time do as much behind the scenes so that the user isn’t forced to break out of the
experience of your site to continually verify themselves.
Some of the questions that we can ask ourselves, when thinking this through, are:

• Can I obtain identity information to increase my confidence that the user is who
they say they are, without imposing additional security checks on the user?
• If I have a high confidence that the user is who they say they are, can I build a
more usable experience for that user versus one that I have no confidence in?
• What content requires user identification, and when should I impose additional
levels of security to verify that?

We’ll explore these concepts further in Chapter 3, as we learn about trust zones and
establishing identity information on a user.

Improper Data Encryption

Data security and identification isn’t about planning for the best, it’s about planning
for the worst. If there is the possibility of something happening, you should assume
that it will happen and have a plan in place to decrease or mitigate the damage that is
done.
On March 27th, 2015, Slack announced that their systems had been breached, and
user information was stolen. The damage of the security incident was lessened
because of their strong data encryption methods. From their blog on the incident,
“Slack maintains a central user database which includes user names, email addresses,
and one-way encrypted (hashed) passwords. Slack’s hashing function is bcrypt with a
randomly generated salt per-password which makes it computationally infeasible that

4 | Chapter 1: Introduction
your password could be recreated from the hashed form.”. In addition, following this
incident, they introduced two factor authentication for users, as well as a password
kill switch for team owners that automatically logged out all users, on all devices, and
forced them to create a new password.
In the above case, data encryption and quick action prevented a massive theft of user
accounts, and lessened the damage to their credibility and the confidence their users
had in them. Data encryption isn’t always about trying to prevent data from being
stolen, it’s meant to slow down hackers from decrypting the data long enough to
make it either infeasible for them to decrypt massive amounts of data, or delay them
until you can take appropriate action.

The weakest link: human beings

As developers and service providers our biggest interest should be treating our users’
data with the most respect we can provide. Hence, we try to secure any kind of infor‐
mation a user provides to us by using encryption algorithms, offer safe ways to com‐
municate and continuously harden our infrastructure in an ongoing struggle.
The most important element in this chain, the human being, is often taken out of the
equation, and therefore we open up our application towards threats that we might
have not even considered when laying out and designing our security layer. Truth is:
users tend to go the easy way. This means for us, that people are likely to choose easy-
to-remember and short passwords, simple to guess usernames and might not have
been educated about current authentication technology like two-factor authentication
- also known as 2FA. Two-factor authentication is a technology that we will discuss in
depth in the fifth chapter of this book - it certainly deserves extra attention and focus.
Also we will discuss a technology deriving from 2FA simply titled n-factor authenti‐
cation that represents a scalable security approach depending on the use case.
It is easy to understand why people tend to use and especially reuse simple passwords
- it saves them time while setting up user profiles and makes authenticating against
services and applications a quick to execute task. Especially with the rise of mobile
we’re often facing small screen estate and touchscreen keyboards which can be expe‐
rienced as additional burden.
The phenomenon described here is also known as password fatigue. Gladly there are
multiple tools that we, as developers, can use in order to counter these problems and
ensure a smooth and pleasing registration and authentication flow within our appli‐
cations while still maintaining user security.

The weakest link: human beings | 5

 Many operating systems, browsers and third-party applications try
to solve the issue of password fatigue by allowing to both generate
randomized passwords and by offering a way to store those pass‐
words under protection of a master password.
A popular example would be the password-management applica‐
tion Keychain that got introduced with Mac OS 8.6.

More and more services like 1Password, Dashlane or LastPass offer to generate pass‐
words for their users. This removes the need to come up with a secure password and
is often seen as a convenient way to speed up user account registration.
Katie Sherwin, a member of the Nielsen Norman Group, released an article 1 about
simplifying password authentication flows and listed these three approaches as a way
to improve user experience:

• Show the Rules

• Show the User Input
• Show Strength Meters

By applying these three rules we can ensure that users feel comfortable about the
passwords they use and get a clear indication about the password’s strength itself.
Further research indicates that users that see a strength meter choose more secure
passwords - even if the strength indicator is not implemented that well2.
Those who saw a meter tended to choose stronger passwords than those who didn’t,
but the type of meter did not make a significant difference.3
—Dinei Florencio, Cormac Herley and Paul C. van Oorschot, An Administrator’s
Guide to Internet Password Research

Single sign-on
Single sign-on, also known as SSO, is a technology that leverages existing user
accounts in order to authenticate against various services. The idea behind this con‐
cept is prefilling and securing a central user account instead of forcing the user to
register at a variety of services over and over again.
Common choices that try to accommodate the wish to reuse user profiles to either
provide profile information or to simply authenticate against other services include
OpenID, OAuth 1.0, OAuth 2.0 and various hybrid models like OpenID Connect. In

1 http://www.nngroup.com/articles/password-creation
2 http://research.microsoft.com/pubs/227130/WhatsaSysadminToDo.pdf
3 http://research.microsoft.com/pubs/227130/WhatsaSysadminToDo.pdf

6 | Chapter 1: Introduction
Chapter 4 we will focus on a selection of authentication techniques and will discuss
both the technical implementation details as well as the security implications.

Understanding Entropy in Password Security

Before we get too far into the weeds, we should first address how we can determine a
weak password from a strong one, if that password was created by a human being.
The standard industry mechanism for determining password strength is called
“information entropy”, which is measured in the number of bits of information in a
provided source, such as a password.

Typically, if you are using passphrases, a good level of entropy to

have at minimum is 36.86 bits, which coincides with the average
entropy level of 3 random words selected from a list of 5000 possi‐
ble unique words from a list.

Password entropy is simply a measurement of how unpredictable a password is. Its

measurement is based on a few key characteristics:

• The symbol set that is used.

• The expansion of the symbol set through lowercase / uppercase characters.
• Password length.

Using the information above, password entropy, expressed in bits, is used to predict
how difficult it would be for the password to be cracked through guessing, dictionary
attacks, brute force cracking, etc.
When you are looking at determining overall password entropy, there are two main
ways of generating passwords that we should explore: randomly generated passwords
(computer generated), and human selected passwords.

According to one study, titled “A Large-Scale Study of Web Pass‐

word Habits”, by Dinei Florencio and Cormac Herley of Microsoft
Research, the entropy level of the average password was estimated
to be 40.54 bits.

Entropy in Randomly Selected Passwords

When we look into the entropy of randomly selected passwords (computer gener‐
ated), the process is fairly straightforward for determining the overall entropy of the
passwords, since there is no human, random, element involved. Depending on the

Understanding Entropy in Password Security | 7

symbol set that we choose symbols from, we can build a series of passwords with a
desired level of entropy fairly easily.
First, the generally accepted formula that we use to calculate entropy is: H = log 2 bl .
Where

• H = The password entropy, measured in bits

• b = The number of possible symbols in the symbol set
• l = The number of symbols in the password (or length)

To come up with the value of b, we can simply choose the symbol set that we are
using from the list below.

Table 1-2. Entropy for each symbol in a symbol set

Symbol set name Number of symbols in set Entropy per symbol (in bits)
Arabic numerals (0–9) 10 3.322
Hexadecimal numerals (0–9, A-F) 16 4.000
Case insensitive Latin alphabet (a-z or A-Z) 26 4.700
Case insensitive alphanumeric (a-z or A-Z, 0–9) 36 5.170
Case sensitive Latin alphabet (a-z, A-Z) 52 5.700
Case sensitive alphanumeric (a-z, A-Z, 0–9) 62 5.954
All ASCII printable characters 95 6.570
All extended ASCII printable characters 218 7.768
Binary (0-255 or 8 bits or 1 byte) 256 8.000
Diceware word list 7776 12.925

The symbol set you might not be familiar with above is the dice‐
ware word list. The method behind diceware is to use a single die
(from a pair of dice), and roll it 5 times. The numeric values on the
die each time create a 5 digit number (e.g. 46231, matching the
value of each individual roll). This number is then used to look up
a word from a given word list. There are 7776 possible unique
words using this method. See the diceware word list for the com‐
plete reference.

Using the formula, length of the password, and numbers of symbols in a given sym‐
bol set, you can estimate the bits of entropy from a randomly generated password.

8 | Chapter 1: Introduction
Exploring the Variety of Random
Documents with Different Content
BOOK EIGHTH.
THE SWISS.
1484-1522.
 CHAP. I.
Movements in Switzerland—Source of the Reformation—
Democratic Character—Foreign Service—Morality—The
Tockenburg—An Alpine Hut—A Pastoral Family.

At the moment when the decree of the Diet of Worms appeared, a

continually increasing movement was beginning to shake the quiet
valleys of Switzerland. The voice which was heard in the plains of
Upper and Lower Saxony was answered from the bosom of the
Helvetic mountains by the energetic voices of its priests, its
shepherds, and the citizens of its warlike cities. The partisans of
Rome, seized with terror, exclaimed that a vast and dreadful
conspiracy was every where formed against the Church. The friends
of the gospel filled with joy, said, that as in spring a living breath is
felt from the streams which run into the sea up to the mountain
tops, so, throughout all Christendom, the Spirit of God was now
melting the ices of a long winter, and covering with verdure and
flowers the lowest plains as well as the steepest and most barren
rocks.
Germany did not communicate the truth to Switzerland, nor
Switzerland to France, nor France to England. All these countries
received it from God, just as one part of the world does not transmit
the light to another part, but the same shining globe communicates
it directly to all the earth. Christ, the day-spring from on high,
infinitely exalted above all mankind, was, at the period of the
Reformation as at that of the establishment of Christianity, the divine
fire which gave life to the world. In the sixteenth century one and
the same doctrine was at once established in the homes and
churches of the most distant and diversified nations. The reason is,
that the same Spirit was every where at work producing the same
faith.
The reformation of Germany and that of
Switzerland demonstrate this truth. Zuinglius had MOVEMENTS IN
SWITZERLAND.
no intercourse with Luther. There was, no doubt, a
link between these two men; but we must search for it above the
earth. He who from heaven gave the truth to Luther, gave it to
Zuinglius. God was the medium of communication between them. "I
began to preach the gospel," says Zuinglius, "in the year of grace,
1516, in other words, at a time when the name of Luther had never
been heard of in our country. I did not learn the doctrine of Christ
from Luther, but from the word of God. If Luther preaches Christ, he
does what I do; that is all."[599]
But if the different reformations, which all proceeded from the same
Spirit, thereby acquired great unity, they also received certain
peculiar features, corresponding to the different characters of the
people among whom they took place.
We have already given a sketch of the state of Switzerland at the
period of the Reformation,[600] and will only add a few words to
what we have already said. In Germany, the ruling principle was
monarchical, in Switzerland it was democratic. In Germany the
Reformation had to struggle with the will of princes; in Switzerland,
with the will of the people. A multitude are more easily led away
than an individual, and are also more prompt in their decisions. The
victory over the papacy on the other side of the Rhine was the work
of years, but on this side of it required only months or days.
In Germany, Luther's person stands forth
imposingly from the midst of his Saxon FOREIGN
SERVICE.
countrymen. He seems to struggle alone in his
attack on the Roman Colossus, and wherever the battle is fought,
we see his lofty stature on the field of battle. Luther is, as it were,
the monarch of the revolution which is being accomplished. In
Switzerland, several cantons are at once engaged in the contest. We
see a confederacy of Reformers, and are astonished at their
numbers. No doubt there is one head which stands elevated above
the rest, but no one has the command. It is a republican magistracy,
where each presents his peculiar physiognomy, and exercises his
separate influence. We have Wittemberg, Zuinglius, Capito, Haller,
Œcolampadius. Again, we have Oswald Myconius, Leo Juda, Farel,
and Calvin, and the Reformation takes place at Glaris, Bâle, Zurich,
Berne, Neufchatel, Geneva, Lucerne, Schafausen, Appenzel, St. Gall,
and in the Grisons. In the Reformation of Germany, one scene only
is seen, and that one level like the country around; but in
Switzerland, the Reformation is divided, as Switzerland itself is
divided by its thousand mountains. So to speak, each valley has its
awakening, and each Alpine height its gleams of light.
A lamentable period had commenced in the history of the Swiss after
their exploits against the dukes of Burgundy. Europe, which had
learned to know the strength of their arm, had brought them forth
from their mountains, and robbed them of their independence, by
employing them to decide the destiny of states on battle-fields.
Swiss brandished the sword against Swiss on the plains of Italy and
France; and the intrigues of strangers filled these high valleys of the
Alps, so long the abode of simplicity and peace, with envy and
discord. Led away by the attraction of gold, sons, labourers, and
servants, stole away from the chalets of alpine pastures towards the
banks of the Rhine or the Po. Helvetic unity was crushed under the
slow step of mules loaded with gold. The object of the Reformation
in Switzerland—for there too it had a political aspect—was to re-
establish the unity and ancient virtues of the cantons. Its first cry
was that the Swiss should tear asunder the perfidious nets of
strangers, and embrace each other in strict union at the foot of the
cross. But the generous call was not listened to. Rome, accustomed
to purchase in these valleys the blood which she shed in order to
increase her power, rose up in wrath. She set Swiss against Swiss,
and new passions arose which rent the body of the nation in pieces.
Switzerland stood in need of a reformation. It is true there was
among the Helvetians a simplicity and good-nature, which the
polished Italians thought ridiculous, but, at the same time, it was
admitted that by no people were the laws of chastity more habitually
transgressed. Astrologers ascribed this to the constellations;[601]
philosophers, to the ardent temperament of this indomitable
population; and moralists, to the principles of the Swiss, who
regarded trick, dishonesty, and slander as much greater sins than
uncleanness.[602] The priests were prohibited from marrying, but it
would have been difficult to find one of them who lived in true
celibacy. The thing required of them was, to conduct themselves not
chastely, but prudently. This was one of the first disorders against
which the Reformation was directed. It is time to trace the
beginnings of this new day in the valleys of the Alps.
Towards the middle of the eleventh century, two
hermits set out from Saint Gall, and proceeding AN ALPINE
COTTAGE.
towards the mountains at the south of this ancient
monastery, arrived in a deserted valley about ten leagues long.[603]
Towards the north, the high mountains of Sentis, the Sommerigkopf,
and the Old-Man, separate this valley from the canton of Appenzel.
On the south, the Kuhfirsten, with its seven heads, rises between it
and the Wallenses, Sargans, and the Grisons, while the eastern side
of the valley opens to the rays of the rising sun, and discovers the
magnificent prospect of the Tyrolese Alps. The two solitaries having
arrived near the source of a small river, (the Thur,) built two cells.
The valley gradually became inhabited. On the highest portion of it,
2010 feet above the Lake of Zurich, there was formed, around a
church, a village named Wildhaus, or the Wild House, with which
two hamlets are now connected, viz., Lisighaus, or the House of
Elizabeth, and Schœnenboden. The fruits of the earth are unable to
grow upon these heights. A green carpet of Alpine freshness covers
the whole valley, and rises upon the sides of the mountains, above
which masses of enormous rocks lift their wild grandeur towards
heaven.
At a quarter of a league from the church near Lisighaus, on the side
of a path which leads into the pastures beyond the river, a solitary
house is still standing. The tradition is, that the wood used in
building it was cut upon the very spot.[604] Everything indicates that
it must have been erected at a very remote period. The walls are
thin. The windows have little round panes, and the roof is formed of
slabs, on which stones are laid to prevent the wind from carrying
them away. In front of the house there is a limpid gushing spring.
In this house, towards the end of the fifteenth
century, lived a man named Zuinglius, amman or A PASTORAL
FAMILY.
bailiff of the district. The family of the Zwingles, or
Zwingli, was ancient, and in high esteem among the inhabitants of
these mountains.[605] Bartholomew, brother of the bailiff, at first
curate of the parish, and, after 1487, dean of Wesen, was a person
of some celebrity in the district.[606] Margaret Meili, the wife of the
amman of Wildhaus, and whose brother John was afterwards abbot
of the convent of Fischingen in Thurgovia, had already given birth to
two sons, Heini and Klaus, when, on the first day of the year 1484,
seven weeks after the birth of Luther, a third son, Ulric, was born in
this solitary hut.[607] Five other sons, John, Wolfgang, Bartholomew,
James, Andrew, and a daughter, Anna, were afterwards added to
this Alpine family. No person in the country was more venerated
than amman Zuinglius.[608] His character, his office, his numerous
children, made him the patriarch of these mountains. He and all his
sons were shepherds. No sooner did the first days of May open upon
these mountains than the father and the children departed with their
flocks for the pastures, rising gradually from station to station, and
so, towards the end of July, reaching the highest summits of the
Alps. Then they began gradually to redescend towards the valley,
and in autumn the whole population of Wildhaus returned to their
humble huts. Sometimes, during the summer, the young people who
had been obliged to remain at home, eager for the mountain
breezes, set out in bands for the chalets, uniting their voices to the
melody of their rustic instruments. On their arrival on the Alps, the
shepherds from a distance saluted them with their horns and their
songs, and regaled them with a feast of milk. Afterwards the joyous
band, by turnings and windings, descended again into the valley,
moving to the sound of their pipes. Ulric in his youth doubtless
joined occasionally in this amusement. He grew up at the foot of
those rocks which seem eternal, and whose tops reach the heavens.
"I have often thought," says one of his friends, "that, being brought
near to heaven on these sublime heights, he there contracted
something celestial and divine."[609]
There were long winter evenings in the cottages of Wildhaus, and
then young Ulric, seated at the paternal hearth, listened to the
conversation of the bailiff and the old men of the district. He heard
them tell how the inhabitants of the valley had formerly groaned
under a heavy yoke. With the old men his heart beat high at the
thought of the independence which the Tockenburg had acquired,
and which the alliance with the Swiss had secured. A patriotic feeling
was kindled in his breast. Switzerland became dear to him; and if
any one uttered an unfavourable expression against the
confederates, the child instantly stood up and warmly defended their
cause.[610] During these long evenings he was often seen quietly
seated at the feet of his pious grandmother, with his eyes rivetted
upon her, listening to her Bible stories, and devout lessons, as he
eagerly received them into his heart.
 CHAP. II.
Young Ulric at Wesen—At Bâle—At Berne—The Dominican
Convent—Jetzer—The Apparitions—The Passion of the Lay
Brother—The Imposture—Discovery and Punishment—
Zuinglius at Vienna—At Bâle—Music at Bâle—Wittembach
teaches the Gospel—Leon Juda—The Curate of Glaris.

The good amman was delighted with the happy presages in his son.
He perceived that Ulric would be able to do something else than
herd his cows on Mount Sentis, singing the shepherd's song. One
day he took him by the hand and proceeded with him towards
Wesen. He traversed the verdant ridges of the Ammon, avoiding the
wild and precipitous rocks which border the lake of Wallenstadt. On
arriving at the town, he called upon his brother the dean, to whom
he intrusted the young mountaineer, in order that he might ascertain
what his talents were.[611] The leading feature in his character was
an innate horror at falsehood and a great love of truth. He himself
relates that one day, when he was beginning to reflect, the thought
struck him that falsehood should be punished more severely than
even theft; "for," adds he, "veracity is the parent of all the virtues."
The dean soon loved his nephew as if he had been his son;
delighted with his sprightliness, he entrusted his education to a
schoolmaster who in a short time taught him all that he knew
himself. Young Ulric, when ten years of age, having given indications
of a high order of intellect,[612] his father and his uncle resolved on
sending him to Bâle.
When the child of the Tockenburg arrived in this celebrated city, with
an integrity and purity of heart which he seemed to have inhaled
from the pure air of his mountains, but which came from a higher
source, a new world opened before him. The celebrity of the famous
council of Bâle; the university which Pius II had founded in 1460;
the printing presses, which revived the master-pieces of antiquity,
and circulated over the world the first fruits of the revival of letters;
the residence of distinguished men; the Wessels, the Wittembachs,
and, in particular, that prince of scholars and luminary of the
schools, Erasmus, rendered Bâle, at the period of the Reformation,
one of the great foci of light in the west.
Ulric entered the school of St. Theodore, which was
taught by Gregory Binzli, a man of an affectionate ZUINGLIUS AT
BALE. AT BERNE.
and gentle temper, at this period rare among DOMINICAN
teachers. Young Zuinglius made rapid progress. CONVENT.
The learned disputes which were then fashionable
among the doctors of universities had even descended to the youth
in schools. Ulric took part in them. He exercised his growing strength
against the children of other schools, and was always victorious in
those struggles which formed a kind of prelude to those by which
the papacy was to be overthrown in Switzerland.[613] His success
excited the jealousy of rivals older than himself. The school of Bâle
was soon outstripped by him as that of Wesen had been.
Lupulus, a distinguished scholar, had just opened at Berne the first
learned school that was founded in Switzerland. The bailiff of
Wildhaus and the curate of Wesen resolved to send their child
thither, and Zuinglius, in 1497, quitting the smiling plains of Bâle,
again drew near to the high Alps, where he had spent his childhood,
and whose snowy tops, gilded with the rays of the sun, he could see
from Berne. Lupulus, a distinguished poet, introduced his pupil to
the sanctuary of classic literature, a sanctuary then unknown, only a
few of the initiated having passed the threshold.[614] The young
neophyte ardently breathed an atmosphere rich in the perfumes of
antiquity. His intellect was developed and his style formed. He
became a poet.
Among the convents of Berne, that of the Dominicans held a
distinguished place. These monks were engaged in a serious quarrel
with the Franciscans. The latter maintained the immaculate
conception of the virgin, while the former denied it. In every step
the Dominicans took—before the rich altars which decorated their
church, and between the twelve pillars on which its arches were
supported—they thought only of humbling their rivals. They had
observed the fine voice of Zuinglius, and heard of his precocious
intellect, and thinking that he might throw lustre on their order,
strove to gain him.[615] With this view they invited him to remain in
their convent till he should make his noviciate. The whole prospects
of Zuinglius were threatened. The amman of Wildhaus having been
informed of the bait to which the Dominicans had had recourse,
trembled for the innocence of his son, and ordered him forthwith to
quit Berne. Zuinglius thus escaped those monastic enclosures into
which Luther rushed voluntarily. What happened afterwards may
enable us to comprehend the imminent danger to which Zuinglius
had been exposed.
In 1507 great excitement prevailed in the town of
Berne. A young man of Zurzach, named John JETZER.
APPARITIONS.
Jetzer, having one day presented himself at this
same Dominican convent, had been repulsed. The poor youth in
despair had returned to the charge, holding in his hand fifty-three
florins and some pieces of silk. "It is all I possess," said he, "take it,
and receive me into your order." He was admitted on the 6th
January among the lay brothers. But the very first night a strange
noise in his cell filled him with terror. He fled to the Carthusian
convent, but was again sent back to that of the Dominicans.
On the following night, being the eve of the feast
of St. Matthew, he was awoke by deep sighs, and IMPOSTURE.
perceived at his bedside a tall phantom in white. "I
am," said a sepulchral voice, "a soul escaped from the fire of
purgatory." The lay brother trembling, replied, "God save you; for
me, I can do nothing." Then the spirit advanced towards the poor
friar and, seizing him by the throat, indignantly upbraided him with
his refusal. Jetzer in terror exclaimed, "What then can I do to save
you?" "Flagellate yourself for eight days till the blood comes, and lie
prostrate on the pavement of the chapel of St. John." So answered
the spirit, and disappeared. The lay brother gave information of the
apparition to his confessor, a preacher of the convent, and by his
advice submitted to the discipline required. The rumour soon spread
throughout the town that a soul had applied to the Dominicans to be
delivered from purgatory. The Franciscans were deserted, and every
one ran to the church to see the holy man lying prostrate on the
ground. The soul from purgatory had intimated that he would
reappear in eight days. On the night appointed it in fact did appear,
accompanied by two other spirits that were tormenting it and
howling horribly. "Scotus," said the spirit, "Scotus, the inventor of
the Franciscan doctrine of the immaculate conception of the Virgin,
is among those who like me are suffering these fierce pains." At this
news, which soon spread over Berne, the partisans of the
Franciscans were still more alarmed. The spirit on disappearing had
announced a visit from the Virgin herself. In fact, on the day
appointed, the astonished friar saw Mary herself appear in his cell.
He could not believe his eyes. She approached him kindly, gave him
three of our Saviour's tears, three drops of his blood, a crucifix, and
a letter addressed to Pope Julius II, "who," said she, "was the
individual chosen by God to abolish the festival of her pretended
immaculate conception." Then coming still closer to the bed on
which the friar lay, she announced, in a solemn tone, that a great
grace was to be conferred on him, and drove a nail into his hand.
The lay brother uttered a loud shriek, but Mary wrapt up his hand in
a piece of linen which her Son, she said, had worn after his flight
into Egypt. This wound was not sufficient to make the glory of the
Dominicans equal to that of the Franciscans. Jetzer must have the
five wounds of Christ and of St. Francis in his hands, feet, and side.
The four others were inflicted, and then, after giving him a draught,
he was placed in a hall hung with pictures representing our Saviour's
passion. Here having spent whole days fasting, his imagination soon
became heated. The doors of the hall were then thrown open from
time to time to the public who came in crowds to contemplate with
devout astonishment the friar with his five wounds, stretching out
his arms, bending his head, and by his positions and gestures
imitating the crucifixion of our Lord. Sometimes, out of his wits, he
foamed, and seemed about to breathe his last. The whisper went
round, "He is enduring the cross of Christ." The multitude, eager for
miracles, continually thronged the convent. Men worthy of high
esteem, among others Lupulus himself, the master of Zuinglius,
were overawed, and the Dominicans, from the height of the pulpit
extolled the glory which God was bestowing on their order.
This order had for some years felt the necessity of humbling the
Franciscans, and of augmenting the respect and liberality of the
people by means of miracles. Berne, "a simple, rustic, and ignorant
town," as the sub-prior of Berne described it to the Chapter held at
Wimpfen on the Necker, had been selected as the theatre of their
operations. The prior, sub-prior, preacher, and purveyor of the
convent, had undertaken to perform the leading characters, but they
wanted the talent necessary to perform them to the end. A new
apparition of Mary having taken place, Jetzer thought he recognised
the voice of his confessor, and having said so aloud, Mary
disappeared. She soon made her appearance again, to censure the
incredulous friar. "This time it is the prior," exclaimed Jetzer, rushing
forward with a knife in his hand. The saintess threw a pewter plate
at the poor friar's head, and likewise disappeared.
In consternation at the discovery which Jetzer had
thus made, the Dominicans tried to disencumber ZUINGLIUS AT
VIENNA AND
themselves of him by means of poison. He BALE.
perceived it; and, having taken flight, disclosed the
imposition. They put on a good countenance, and sent deputies to
Rome. The pope committed the decision to his legate in Switzerland,
and the bishops of Lausanne and Sion. The four Dominicans being
convicted, were condemned to be burnt alive; and on the 1st May,
1509, were consumed by the flames, in presence of more than thirty
thousand spectators. The affair made a noise throughout Europe,
and by unveiling one of the worst sores of the Church, prepared the
Reformation.[616]
Such were the men into whose hands Ulric Zuinglius had nearly
fallen. He had studied literature at Berne; he behoved now to devote
himself to philosophy, and with this view repaired to Vienna. A youth
from St. Gall, named Joachim Vadian, whose genius gave promise to
Switzerland of a distinguished scholar and a statesman; Henri Loreti,
of the canton of Glaris, commonly called Glarean, and apparently
destined to shine among poets; John Heigerlin, son of a forgemaster,
and hence surnamed Faber, of a versatile temper, fond of honour
and glory, possessing all the qualities indicative of a courtier—such
were Ulric's fellow-students and companions in the capital of Austria.
Zuinglius returned to Wildhaus in 1502; but on revisiting his
mountains he felt that he had drunk of the cup of science, and could
no longer live amid the songs of his brothers and the bleating of
their flocks. He was eighteen years of age, and repaired to Bâle,[617]
to engage again in literary pursuits, and thus at once master and
pupil he taught at the school of St. Martin, and studied at the
university; from this time he was able to dispense with assistance
from his father. Shortly after, he took the degree of master of arts.
An Alsatian, named Capito, nine years older than he, was one of his
best friends.
Zuinglius devoted himself to the study of scholastic
theology; for, being called one day to combat its WITTEMBACH.
ZUINGLIUS AND
sophisms, he behoved to explore its obscure LEO JUDA.
labyrinth. But the light hearted student of the
mountains of Sentis was often seen suddenly to shake off the dust
of the school, and, substituting amusement for his philosophic toils,
seize the lute, or the harp, or the violin, or the flute, or the
tympanon, or the cornet, or the hunting horn, extract joyous sounds
from these instruments as in the prairies of Lisighaus, and make his
lodgings, or the dwellings of his friends, re-echo with the airs of his
country, accompanying them with his voice. In regard to music, he
was a true child of the Tockenburg, superior to all.[618] In addition to
the instruments we have already named, he played several others.
An enthusiast in the art he diffused a taste for it in the university,
not from any desire of dissipation, but because he loved thus to
relax his mind when fatigued by serious study, and fit himself for
returning with greater zeal to difficult labours.[619] None had a gayer
humour, a more amiable disposition, or more engaging conversation.
[620] He was a vigorous Alpine tree which developed itself in all its
gracefulness and strength, and which, never having been pruned,
threw out strong branches in all directions. The time was coming
when these branches would turn vigorously in the direction of
heaven.
After he had forced an entrance into scholastic theology he left its
arid tracts fatigued and disgusted, having found nothing in it but
confused ideas, vain babbling, vain glory, barbarism, and not one
sound idea of doctrine. "It is only a loss of time," said he, and
waited for something better.
At this time, (November, 1505,) arrived at Bâle Thomas Wittembach,
son of a burgomaster of Bienne. Wittembach had till then taught at
Tubingen, side by side with Reuchlin. He was in the vigour of life,
sincere, pious, skilled in the liberal arts, and mathematics, and well
acquainted with the Holy Scriptures. Zuinglius and all the academic
youth immediately flocked around him. A spirit hitherto unknown
animated his lectures, and prophetic words escaped from his lips:
"The time is not distant," said he, "when scholastic theology will be
abolished and the ancient doctrine of the Church restored."[621]
"The death of Christ," added he, "is the only ransom of our souls."
[622] The heart of Zuinglius eagerly received these seeds of life.[623]
At this period classical studies began every where to supplant the
scholastics of the middle age. Zuinglius, like his preceptors and
friends, threw himself into this new course.
Among the students who followed the lessons of the new teacher
with the greatest enthusiasm was a young man of twenty-three, of
small stature, and a feeble sickly appearance, but whose eye
bespoke at once gentleness and intrepidity. This was Leo Juda, son
of an Alsatian curate, and whose uncle had fallen at Rhodes, fighting
in defence of Christendom, under the standard of the Teutonic
knights. Leo and Ulric were on intimate terms. Leo played the
tympanon, and had a very fine voice. The joyous melodies of the
young friends of the arts were often heard in his lodgings. Leo Juda,
at a later period, became the colleague of Zuinglius, and even death
could not destroy their sacred friendship.
At this time the office of pastor of Glaris having
become vacant, Henry Goldli, a young courtier of ZUINGLIUS
BECOMES
the pope, and groom of the stable to his holiness, CURATE OF
obtained the appointment from his master, and GLARIS.
hastened with it to Glaris. But the Glarian
shepherds, proud of the antiquity of their race, and of their battles
for freedom, were not disposed to bow implicitly to a piece of
parchment from Rome. Wildhaus is not far from Glaris; and Wesen,
where Zuinglius' uncle was curate, is the place where the market of
the district is held. The reputation of the young master of arts of
Bâle had penetrated even into these mountains; and the Glarians,
wishing to have him for their priest, gave him a call in 1506.
Zuinglius having been ordained at Constance by the bishop,
preached his first sermon at Rapperswil, read his first mass at
Wildhaus on St. Michael's day, in presence of all his relations and the
friends of his family, and towards the close of the year arrived at
Glaris.
 CHAP. III.
Love of War—Schinner—Pension from the Pope—The Labyrinth
—Zuinglius in Italy—Principle of Reform—Zuinglius and
Luther—Zuinglius and Erasmus—Zuinglius and the Elders—
Paris and Glaris.

Zuinglius immediately engaged in the zealous discharge of the work

which his vast parish imposed upon him. Still he was only twenty-
two years of age, and often allowed himself to be carried away by
the dissipation and lax ideas of his age. A priest of Rome he was like
the other priests around him. But even at this period, though the
evangelical doctrine had not changed his heart, Zuinglius did not
give way to those scandals which frequently afflicted the Church.
[624] He always felt the need of subjecting his passions to the holy
rule of the gospel.
A love of war at this time inflamed the quiet valleys of Glaris where
there were families of heroes—the Tschudis, the Walas, the Æblis,
whose blood had flowed on the field of battle. The youth listened
with eagerness to the old warriors when they told them of the wars
of Burgundy and Suabia, of the battles of St. James and Ragaz. But
alas! it was no longer against the enemies of their liberties that
these warlike shepherds took up arms. They were seen, at the
bidding of the kings of France, of the emperor, the dukes of Milan, or
the holy father himself, descending from the Alps like an avalanche,
and rushing with the noise of thunder against the troops drawn up in
the plain.
A poor boy named Matthew Schinner, who was at
the school of Sion in the Valais, (it was toward the SCHINNER.
middle of the latter half of the fifteenth century,)
singing before the houses, as young Martin Luther shortly after did,
heard himself called by an old man, who, being struck with the
frankness with which the child answered his questions, said to him
with that prophetic spirit with which man is said to be sometimes
endowed when on the brink of the grave, "Thou art to be a bishop
and a prince."[625] The expression sunk deep into the young
mendicant, and from that moment boundless ambition took
possession of his heart. At Zurich and Como the progress he made
astonished his masters. Having become curate of a small parish in
Valais, he rose rapidly, and being sent at a later period to ask from
the pope the confirmation of a bishop of Sion, who had just been
elected, he obtained the bishopric for himself, and girt his brow with
the episcopal mitre. This man, ambitious and crafty, but often noble
and generous, always considered any dignity bestowed upon him as
only a step destined to raise him to some still higher dignity. Having
offered his services to Louis XII, and named his price, "It is too
much for one man," said the king. "I will show him," replied the
bishop of Sion, offended, "that I am a man worth several men." In
fact he turned towards pope Julius II, who gladly received him, and
Schinner succeeded in 1510 in linking the whole Swiss confederation
to the policy of this ambitious pontiff. The bishop having been
rewarded with a cardinal's hat smiled when he saw that there was
now only one step between him and the papal throne.
Schinner's eye was continually turned to the
cantons of Switzerland, and as soon as he there ZUINGLIUS'
POEM, "THE
discerned any man of influence he hastened to LABYRINTH."
attach him to himself. The pastor of Glaris drew his
attention, and Zuinglius soon received intimation that the pope had
granted him an annual pension of fifty florins, to encourage him in
the cultivation of letters. His poverty did not allow him to purchase
books; and the money during the short time that Ulric received it
was devoted to the purchase of classical or theological works, which
he procured from Bâle.[626] Zuinglius was now connected with the
cardinal, and accordingly joined the Roman party. Schinner and
Julius II at last disclosed the end which they had in view in these
intrigues. Eight thousand Swiss mustered by the eloquence of the
cardinal-archbishop, passed the Alps; but famine, war, and French
gold obliged them to return to their mountains without glory. They
brought back the usual results of these foreign wars,—distrust,
licentiousness, party spirit, all sorts of violence and disorder. Citizens
refused to obey their magistrates, and children their parents;
agriculture and the care of their flocks were neglected; luxury and
mendicity kept pace with each other; the most sacred ties were
broken, and the confederation seemed on the point of being
dissolved.
The eyes of the young curate of Glaris were now opened, and his
indignation aroused. He raised his voice aloud to warn them of the
abyss into which they were about to fall. In 1510 he published his
poem entitled "The Labyrinth." Behind the windings of this
mysterious garden, Minos has hidden the Minotaur, that monster,
half man half bull, whom he feeds on the flesh of young Athenians.
"The Minotaur, ... in other words," says Zuinglius, "sin, vice,
irreligion, and the foreign service of the Swiss," devour the sons of
his countrymen.
Theseus, a man of courage, wishes to deliver his country, but
numerous obstacles arrest him;—first, a lion with one eye; this is
Spain and Arragon;—then a crowned eagle, whose throat is opened
to devour it; this is the empire;—then a cock, with his comb up, and
calling for battle; this is France. The hero surmounts all these
obstacles, gets up to the monster, stabs it, and saves his country.
"So now," exclaims the poet, "men wander in a labyrinth, but having
no thread to guide them they cannot regain the light. No where is
there any imitation of Jesus Christ. A little glory makes us hazard our
life, torment our neighbour, rush into strife, war, and combat.... One
would say that the furies have escaped from the depths of hell."[627]
A Theseus, a Reformer was required. Zuinglius perceived this, and
thenceforth had a presentiment of his mission. Not long after he
composed an allegory with a still clearer application.[628]
In April, 1512, the confederates rose anew at the
bidding of the cardinal, for the deliverance of the ZUINGLIUS IN
ITALY.
Church. Glaris was in the foremost rank. The whole
population was brought into the field, ranged round their banner
with their landaman and their pastor. Zuinglius behoved to march.
The army passed the Alps, and the cardinal appeared amidst the
confederates with the presents given him by the pope,—a ducal hat
adorned with pearls and gold, and surmounted by the Holy Spirit,
represented under the form of a dove. The Swiss escaladed the
fortresses and towns, swam rivers in the presence of the enemy,
unclothed, and with halberds in their hands; the French were every
where put to flight; bells and trumpets resounded, and the
population flocked from all quarters; the nobles supplied the army
with wine and fruits in abundance; the monks and priests mounted
on platforms, and proclaimed, that the confederates were the people
of God taking vengeance on the enemies of the Lord's spouse; and
the pope becoming prophet, like Caiaphas of old, gave the
confederates the title of "Defenders of the liberty of the Church."
[629]

This sojourn of Zuinglius in Italy was not without its effect, in

reference to his vocation of Reformer. On his return from this
campaign, he began to study Greek, "in order," says he, "to be able
to draw the doctrine of Jesus Christ from the very fountain of truth."
[630] Writing to Vadian, 23rd February, 1513, he says, "I have
resolved so to apply myself to the study of Greek, that none will be
able to turn me from it but God. I do it not for fame, but from love
to sacred literature." At a later period, a worthy priest, who had
been his school companion, having come to pay him a visit, said to
him, "Master Ulric, I am assured that you are tainted with the new
heresy, that you are a Lutheran." "I am not a Lutheran," said
Zuinglius, "for I knew Greek before I heard of the name of Luther."
[631] To know Greek, to study the gospel in the original tongue, was,
according to Zuinglius, the basis of the Reformation.
Zuinglius did more than recognise, at this early period, the great
principle of evangelical Christianity—the infallible authority of the
Holy Scriptures. Besides this, he understood how the meaning of the
divine Word ought to be ascertained. "Those," said he, "have a very
grovelling idea of the Scriptures who regard whatever seems to
them at variance with their own reason as frivolous, vain, and
unjust.[632] Men have no right to bind the gospel at pleasure to their
own sense, and their own interpretation."[633] "Zuinglius raised his
eye to heaven," said his dearest friend, "unwilling to have any other
interpreter than the Holy Spirit himself."[634]
Such, from the commencement of his career, was
the man, whom some have not scrupled to ZUINGLIUS AND
LUTHER.
represent as having wished to subject the Bible to ZUINGLIUS AND
human reason. "Philosophy and theology," said he, ERASMUS.
"ceased not to raise up objections against me. I, at
length, arrived at this conclusion, 'We must leave all these things,
and seek our knowledge of God only in his Word.' I began,"
continues he, "earnestly to supplicate the Lord to give me his light,
and though I read only the text of Scripture, it became far clearer to
me than if I had read a host of commentators." Comparing the
Scriptures with themselves and explaining passages that were
obscure by such as were more clear,[635] he soon had a thorough
knowledge of the Bible, especially the New Testament.[636] When
Zuinglius thus turned toward the Holy Scriptures, Switzerland took
her first step in the Reformation. Accordingly, when he expounded
the Scriptures, every one felt that his lessons came from God, and
not from man.[637] "Work all divine!" here exclaims Oswald
Myconius; "thus was the knowledge of heavenly truth restored to
us!"
Zuinglius did not, however, despise the expositions of the most
celebrated doctors: at a later period, he studied Origen, Ambrose,
Jerome, Augustine, Chrysostom, but not as authorities. "I study the
doctors," says he, "with the same feelings with which one asks a
friend, 'What do you understand by this?'" The Holy Scripture was,
according to him, the touch-stone by which the most holy of the
doctors were themselves to be tested.[638]
Zuinglius's step was slow, but progressive. He did not come to the
truth like Luther amid those tempests which compel the soul to seek
a speedy shelter. He arrived at it by the peaceful influence of
Scripture, whose power gradually gains upon the heart. Luther
reached the wished-for shore across the billows of the boundless
deep; Zuinglius, by allowing himself to glide along the stream. These
are the two principal ways by which God leads men. Zuinglius was
not fully converted to God and his gospel till the first period of his
sojourn at Zurich; yet, in 1514 or 1515, at the moment when the
strong man began to bend the knee to God, praying for the
understanding of his Word, the rays of that pure light by which he
was afterwards illumined, first began to gleam upon him.
At this period, a poem of Erasmus, in which Jesus Christ was
introduced addressing man as perishing by his own fault, made a
powerful impression on Zuinglius. When alone in his study, he
repeated the passage in which Jesus complains that all grace is not
sought from him, though he is the source of all that is good. "All!"
said Zuinglius, "All!" And this word was incessantly present to his
mind. "Are there then creatures, saints, from whom we ought to ask
assistance? No! Christ is our only treasure."[639]
Zuinglius did not confine his reading to Christian writings. One of the
distinguishing characteristics of the sixteenth century is the profound
study of the Greek and Roman authors. The poetry of Hesiod,
Homer, Pindar, enraptured him, and he has left us commentaries, or
characteristics, on the two last poets. It seemed to him that Pindar
spoke of his gods in such sublime strains that he must have had
some presentiment of the true God. He studied Cicero and
Demosthenes thoroughly, and learned from them both the art of the
orator and the duties of the citizen. He called Seneca a holy man.
The Swiss mountaineer loved also to initiate himself in the mysteries
of nature, through the writings of Pliny. Thucydides, Sallust, Livy,
Cæsar, Suetonius, Plutarch, and Tacitus, taught him to know the
world. He has been censured for his enthusiastic admiration of the
great men of antiquity, and it is true that some of his observations
on this subject cannot be defended. But if he honoured them so
much, it was because he thought he saw in them not human virtues,
but the influence of the Holy Spirit. The agency of God, far from
confining itself to ancient times within the limits of Palestine,
extended, according to him, to the whole world.[640] "Plato," said
he, "has also drunk at the Divine source. And if the two Catos, if
Camillus, if Scipio had not been truly religious, would they have been
so magnanimous?"[641]
Zuinglius diffused around him a love of letters.
Several choice youths were trained in his school. ZUINGLIUS IN
REGARD TO
"You offered me not only books, but also yourself," ERASMUS.
wrote Valentine Tschudi, son of one of the heroes
of the wars of Burgundy; and this young man, who at that time had
already studied at Vienna and Bâle, under the most celebrated
teachers, adds, "I have never met with any one who explained the
classics with so much precision and profundity as yourself."[642]
Tschudi repaired to Paris, and was able to compare the spirit which
prevailed in that university, with that which he had found in the
narrow Alpine valley, over which impend the gigantic peaks and
eternal snows of the Dodi, the Glarnisch, the Viggis, and the
Freyberg. "How frivolously," says he, "the French youth are
educated! No poison is so bad as the sophistical art in which they
are trained—an art which stupifies the senses, destroys the
judgment, brutifies the whole man. Man is thenceforth, like the
echo, an empty sound. Ten women could not keep pace with one of
these rhetoricians.[643] In their prayers even they present their
sophisms to God, (I know the fact,) and pretend, by their syllogisms,
to constrain the Holy Spirit to hear them." Such, then, were Paris
and Glaris; the intellectual metropolis of Christendom, and a village
of Alpine shepherds. A ray of the Divine Word gives more light than
all human wisdom.
 CHAP. IV.
Zuinglius in regard to Erasmus—Oswald Myconius—The
Vagrants—Œcolampadius—Zuinglius at Marignan—Zuinglius
and Italy—Method of Zuinglius—Commencement of Reform
—Discovery.

A great man of this age, Erasmus, had much influence on Zuinglius,

who, as soon as any of his writings appeared, lost no time in
procuring it. In 1514, Erasmus had arrived at Bâle, and been
received by the bishop with marks of high esteem. All the friends of
letters had immediately grouped around him. But the monarch of the
schools had no difficulty in singling out him who was to be the glory
of Switzerland. "I congratulate the Swiss nation," wrote he to
Zuinglius, "that by your studies and your manners, both alike
excellent, you labour to polish and elevate them."[644] Zuinglius had
a most ardent desire to see him. "Spaniards and Gauls went to
Rome to see Titus Livy," said he. He set out, and on arriving at Bâle,
found a personage of about forty years of age, of small stature, a
frail body, a delicate look, but a remarkably amiable and winning
address.[645] It was Erasmus. His affability removed the timidity of
Zuinglius, while the power of his intellect overawed him. "Poor," said
Ulric to him, "as Eschines, when each of the scholars of Socrates
offered a present to his master, I give you what Eschines gave—I
give you myself."
Among the literary men who formed the court of
Erasmus, the Amerbachs, the Rhenans, the OSWALD
MYCONIUS.
Frobeniuses, the Nessens, the Glareans, Zuinglius
observed a youth from Lucerne, of twenty-seven years of age,
named Oswald Geisshüsler. Erasmus hellenising his name, had called
him Myconius. We will often designate him by his surname, to
distinguish the friend of Zuinglius from Frederick Myconius, the
disciple of Luther. Oswald, after studying first at Rothwyl with
Berthold Haller, a young man of his own age, next at Berne, and
lastly at Bâle, had in this last town been appointed rector of the
school of St. Theodoret, and afterwards of that of St. Peter. The
humble schoolmaster had a very limited income; but,
notwithstanding, had married a young girl of a simplicity and purity
of soul which won all hearts. We have already seen that Switzerland
was then in a troubled state, foreign wars having stirred up violent
disorders, and the soldiers having brought back to their country
licentiousness and brutality. One dark and cloudy winter day, some
of these rude men, in Oswald's absence, attacked his quiet dwelling.
They knocked at the door, threw stones, and applied the grossest
expressions to his modest spouse. At last they burst open the
windows, and having forced their way into the school and broken
every thing to pieces, made off. Oswald arrived shortly after. His little
boy, Felix, ran out to meet him crying, while his wife, unable to
speak, showed signs of the greatest terror. He understood what had
happened, and at that moment, hearing a noise in the street, unable
to restrain himself, he seized a musket, and pursued the villains as
far as the burying ground. They retreated, intending to defend
themselves. Three of them rushed upon Myconius and wounded
him, and, while his wound was being dressed, these wretches again
attacked his house, uttering cries of fury. Oswald says no more of
the matter.[646] Such scenes frequently occurred in Switzerland at
the beginning of the sixteenth century, before the Reformation had
softened and disciplined manners.
The integrity of Oswald Myconius, his thirst for science and virtue,
brought him into connection with Zuinglius. The rector of the school
of Bâle was alive to all that was grand in the curate of Glaris. Full of
humility, he shunned the praises bestowed upon him by Zuinglius
and Erasmus. "You schoolmasters," often said the latter, "I esteem
as highly as I do kings." But the modest Myconius did not think so.
"I only crawl along the ground," said he. "From infancy I had always
a feeling of littleness and humility."[647]
A preacher who had arrived at Bâle about the same
time as Zuinglius was attracting attention. Of a ŒCOLAMPADIUS.
mild and pacific disposition, he led a tranquil life;
slow and circumspect in conduct, his chief pleasure was to labour in
his study, and produce concord among Christians.[648] He was
named John Hausschein, in Greek Œcolampadius, that is, "light of
the house," and was born of wealthy parents in Franconia, a year
before Zuinglius. His pious mother longed to consecrate to literature
and to God the only child whom He had left her. The father intended
him first for a mercantile life, then for law. But as Œcolampadius was
returning from Bologna, where he had been studying law, the Lord,
who designed to make him a lamp in the Church,[649] called him to
the study of theology. He was preaching in his native town when
Capito, who had known him at Heidelberg, procured his appointment
as preacher at Bâle. There he proclaimed Christ with an eloquence
which filled his hearers with admiration.[650] Erasmus admitted him
to his intimacy. Œcolampadius was enraptured with the hours which
he spent in the society of this great genius. "In the Holy Scriptures,"
said the prince of literature, "one thing only ought to be sought, viz.,
Jesus Christ."[651] As a memento of his friendship he gave the young
preacher the commencement of John's Gospel. Œcolampadius often
kissed this precious pledge of affection, and kept it suspended to his
crucifix, "in order," said he, "that I may always remember Erasmus in
my prayers."
Zuinglius returned to his mountains, his mind and heart full of all
that he had seen and heard at Bâle. "I could not sleep," wrote he to
Erasmus, shortly after his return, "if I had not conversed for some
time with you. There is nothing of which I boast so much as of
having seen Erasmus." Zuinglius had received a new impulse. Such
journeys often exercise a great influence over the career of the
Christian. The disciples of Zuinglius—Valentin, Jost, Louis, Peter, and
Ægidius Tschudi; his friends, the landăman Æbli, the curate, Binzli of
Wesen, Fridolin Brunnen, and the celebrated professor Glarean, saw
with admiration how he grew in wisdom and knowledge. The old
honoured him as a courageous servant of his country, and faithful
pastors honoured him as a faithful servant of the Lord. Nothing was
done in the district without taking his advice. All the good hoped
that he would one day restore the ancient virtue of the Swiss.[652]
Francis I, having mounted the throne, and being
desirous to vindicate the honour of the French ZUINGLIUS AT
MARIGNAN.
name in Italy, the pope in alarm laboured to gain
the cantons. Accordingly, in 1515, Ulric revisited the plains of Italy
amid the phalanxes of his fellow-citizens. But the division which
French intrigues produced in the army stung him to the heart. He
was often seen in the middle of the camp energetically, and at the
same time wisely, haranguing his hearers in full armour ready for
battle.[653] On the 8th September, five days before the battle of
Marignan, he preached in the public square of Monza, where the
Swiss soldiers, who remained true to their colours, had reassembled.
"Had the counsels of Zuinglius been followed then and afterwards,"
says Werner Steiner of Zug, "what evils would not our country have
been saved!"[654] But all ears were shut to words of concord,
prudence, and submission. The vehement eloquence of Cardinal
Schinner electrified the confederates, and hurried them impetuously
to the fatal field of Marignan. There fell the flower of the Helvetic
youth. Zuinglius, who had been unable to prevent all these disasters,
threw himself, for the cause of Rome, into the midst of danger. His
hand seized the sword. Sad error of Zuinglius! A minister of Christ,
he more than once forgot that it was his duty to fight only with
spiritual weapons, and he was to see in his own person a striking
fulfilment of our Saviour's prophecy, He who takes the sword shall
perish by the sword.
Zuinglius and his Swiss had been unable to save Rome. The
ambassador of Venice was the first in the pontifical city who received
news of the defeat of Marignan. Delighted, he repaired at an early
hour to the Vatican. The pope came out of his apartment half
dressed to give him an audience. Leo X, on learning the news, did
not disguise his terror. At this moment of alarm he saw only Francis
I, and hoped only in him. "Ambassador," said he trembling to Zorsi,
"we must throw ourselves into the arms of the king, and cry for
mercy." Luther and Zuinglius in their danger knew another arm, and
invoked another mercy.[655]
This second sojourn in Italy was not without use to
Zuinglius. He observed the differences between the ZUINGLIUS'
METHOD.
Ambrosian ritual used at Milan and that of Rome.
He collected and compared together the most ancient canons of the
mass. In this way a spirit of enquiry was developed in him even
amid the tumult of camps. At the same time the sight of his
countrymen led away beyond the Alps, and given up, like cattle, to
the slaughter, filled him with indignation. "The flesh of the
confederates," it was said, "is cheaper than that of their oxen and
their calves." The disloyalty and ambition of the pope,[656] the
avarice and ignorance of the priests, the licentiousness and
dissipation of the monks, the pride and luxury of prelates, the
corruption and venality employed on all hands to win the Swiss,
being forced on his view more strongly than ever, made him still
more alive to the necessity of a reform in the Church.
From this time Zuinglius preached the Word of God more clearly. In
explaining the portions of the gospel and epistles selected for public
worship, he always compared Scripture with Scripture.[657] He spoke
with animation and force,[658] and followed with his hearers the
same course which God was following with him. He did not, like
Luther, proclaim the sores of the Church; but as often as the study
of the Bible suggested some useful instruction to himself, he
communicated it to his hearers. He tried to make them receive the
truth into their hearts, and then trusted to it for the works which it
behoved to produce.[659] "If they understand what is true," thought
he, "they will discern what is false." This maxim is good at the
commencement of a Reformation, but a time comes when error
must be boldly stigmatised. This Zuinglius knew very well. "The
spring," said he, "is the season to sow;" and with him it was now
spring.
Zuinglius has marked out this period (1516) as the
commencement of the Swiss Reformation. In fact, DISCOVERY.
if four years before he had bent his head over the
Word of God, he now raised it, and turned it toward his people, to
make them share in the light which he had found. This forms a new
and important epoch in the history of the development of the
religious revolution of those countries, but it has been erroneously
concluded, from these dates, that the Reformation of Zuinglius
preceded that of Luther. It may be that Zuinglius preached the
gospel a year before Luther's Theses, but Luther himself preached it
four years before these famous propositions.[660] Had Luther and
Zuinglius confined themselves merely to sermons, the Reformation
would not have so quickly gained ground in the Church. Neither
Luther nor Zuinglius was the first monk or the first priest who
preached a purer doctrine than that of the schoolmen. But Luther
was the first who publicly, and with indomitable courage, raised the
standard of truth against the empire of error, called general attention
to the fundamental doctrine of the gospel—salvation by grace,
introduced his age to that new career of knowledge, faith, and life,
out of which a new world has arisen; in a word, began a true and
salutary revolution. The great struggle, of which the Theses of 1517
were the signal, was truly the birth-throe of the Reformation, giving
it at once both a body and a soul. Luther was the first Reformer.
A spirit of enquiry began to breathe on the mountains of
Switzerland. One day the curate of Glaris, happening to be in the
smiling district of Mollis, with Adam its curate, Bunzli, curate of
Wesen, and Varachon, curate of Kerensen, these friends discovered
an old liturgy, in which they read these words: "After baptising the
child, we give him the sacrament of the Eucharist and the cup of
blood."[661] "Then," said Zuinglius, "the supper was at that period
dispensed in our churches under the two kinds." The liturgy was
about two hundred years old. This was a great discovery for these
priests of the Alps.
The defeat of Marignan had important results in the interior of the
cantons. The conqueror, Francis I, lavished gold and flattery in order
to gain the confederates, while the emperor besought them by their
honour, by the tears of widows and orphans, and the blood of their
brethren, not to sell themselves to their murderers. The French party
gained the ascendancy at Glaris, which, from that time, was an
uncomfortable residence to Ulric.
Zuinglius, at Glaris, might perhaps have remained a
man of the world. Party intrigues, political OUR LADY OF
EINSIDLEN.
questions, the empire, France, or the Duke of
Milan, might have absorbed his whole life. Those whom God means
to prepare for great services he never leaves amid the turmoil of the
world. He leads them apart, and places them in a retreat where they
commune with Him and their own consciences, and receive lessons
never to be effaced. The Son of God himself, who in this was a type
of the training given to his servants, spent forty days in the desert.
It was time to remove Zuinglius from political movements, which,
continually pressing upon his thoughts, might have banished the
Spirit of God from them. It was time to train him for another stage
than that on which courtiers, cabinets, and parties move, and where
he should have wasted powers worthy of nobler employment. His
country, indeed, needed something else. It was necessary that a
new life should now come down from heaven, and that he who was
to be the instrument in communicating it should unlearn worldly
things, in order to learn things above. The two spheres are entirely
distinct; a wide space separates these two worlds, and before
passing entirely from the one to the other, Zuinglius was to sojourn
for a time on neutral ground, in a kind of intermediate and
preparatory state, to be there taught of God. God accordingly took
him away from the factions of Glaris; and, with a view to this
noviciate, placed him in the solitude of a hermitage—confining within
the narrow walls of an abbey this noble germ of the Reformation,
which was shortly after to be transplanted to a better soil, and cover
the mountains with its shadow.
 CHAP. V.
Meinrad of Hohenzollern—Our Lady of Einsidlen—Calling of
Zuinglius—The Abbot—Geroldsek—Companionship in Study
—The Bible copied—Zuinglius and Superstition—First
Opposition to Error—Sensation—Hedio—Zuinglius and the
Legates—The Honours of Rome—The Bishop of Constance
—Samson and Indulgences—Stapfer—Charity of Zuinglius—
His Friends.

Meinrad of Hohenzollern, a German monk, about the middle of the

ninth century, wandering on till he came between the lakes of Zurich
and Wallstetten, had stopped upon a hill, resting on an amphitheatre
of firs, and there built a cell. Banditti imbrued their hands in the
blood of the saint. The bloody cell was long deserted, but towards
the end of the tenth century, a convent and a church, in honour of
the Virgin, were erected on the sacred spot. On the eve of the day
of consecration, when the Bishop of Constance and his priests were
at prayers in the church, a celestial chant, proceeding from invisible
voices, suddenly echoed through the chapel. They prostrated
themselves and listened in amaze. The next day, when the bishop
was going to consecrate the chapel, a voice repeated thrice, "Stop,
brother, stop! God himself has consecrated it!"[662] It was said, that
Christ in person had blessed it during the night, that the chant which
they had heard proceeded from angels, apostles, and saints, and
that the Virgin, standing upon the altar, had blazed forth like a flash
of lightning. A bull of Pope Leo VII forbade the faithful to question
the truth of this legend. Thenceforward an immense crowd of
pilgrims ceased not to repair to Our Lady of the Eremites to the
"consecration of angels." Delphi and Ephesus, in ancient, and
Loretto in modern times, alone have equalled the fame of Einsidlen.
It was in this strange place that, in 1516, Ulric Zuinglius was called
as priest and preacher.
Zuinglius hesitated not. "Neither ambition nor
avarice takes me there," said he; "but the intrigues THE ABBOT OF
EINSIDLEN.
of the French."[663] Higher motives determined GEROLDSEK.
him. On the one hand, having more solitude, more
calmness, and a less extensive parish, he could devote more time to
study and meditation; on the other hand, this place of pilgrimage
would give him facilities for spreading the knowledge of Jesus Christ
to the remotest countries.[664]
The friends of evangelical preaching at Glaris expressed deep grief.
"What worse could happen to Glaris," said Peter Tschudi, one of the
most distinguished citizens of the canton, "than to be deprived of so
great a man."[665] His parishioners finding him immovable, resolved
to leave him the title of pastor of Glaris, with part of the benefice,
and the means of returning when he chose.[666]
Conrad of Rechberg, a gentleman of ancient family, grave, candid,
intrepid, and occasionally somewhat rude, was one of the most
celebrated sportsmen of the district to which Zuinglius was removed.
He had established on one of his farms a manêge in which he reared
a breed of horses which became celebrated in Italy. Such was the
abbot of our Lady of the Eremites. Rechberg was equally averse to
the pretensions of Rome and the discussions of theologians. One
day, during a visitation of the Order, some observations were made
to him. "I am master here, not you," said he, somewhat rudely; "get
along." One day at table when Leo Juda was discussing some
difficult point with the administrator of the convent, the hunting
abbot exclaimed, "You, there, leave your disputes to me. I exclaim
with David, 'Have pity on me, O God, according to thy goodness,
and enter not into judgment with thy servant.' I have no need to
know any more."[667]
Baron Theobald of Geroldsek was administrator of
the monastery. He was of a meek spirit, sincerely COMPANIONSHIP
IN STUDY.
pious, and had a great love of literature. His
favourite design was to form a society of well-informed men in his
convent; and it was for this reason he had given a call to Zuinglius.
Eager for instruction and reading, he begged his new friend to direct
him. "Read the Holy Scriptures," replied Zuinglius, "and that you
may the better understand them, study Jerome. However," added
he, "the time will come, (and, by God's help, it is not far off,) when
Christians will not set a high value either on Jerome or any other
doctor, but only on the word of God."[668] The conduct of Geroldsek
gave indication of his progress in the faith. He allowed the nuns of a
convent dependent on Einsidlen to read the Bible in the vulgar
tongue; and, some years after, Geroldsek came to live at Zurich
beside Zuinglius, and to die with him on the field of Cappel. The
charm which hung about Zuinglius soon united him in tender
friendship, not only with Geroldsek, but also the chaplain Zink, the
excellent Œxlin, and other inmates of the abbey. These studious
men, far from the noise of party, joined together in reading the
Scriptures, the Fathers of the Church, the master-pieces of antiquity,
and the writings of the restorers of letters. This interesting society
was often enlarged by friends from a distance. Among others, Capito
one day arrived at Einsidlen. The two old friends of Bâle walked
together over the convent and the wild scenery in its
neighbourhood, absorbed in conversation, examining the Scriptures,
and seeking to know the Divine will. There was a point on which
they were agreed, and it was this—"The pope of Rome must fall." At
this time Capito was more courageous than he was at a later period.
Repose, leisure, books, friends—all these Zuinglius had in this
tranquil retreat—and he accordingly grew in understanding and in
faith. At this period (May, 1517) he commenced a work which was of
great utility to him. As in old time the kings of Israel wrote the law
of God with their own hand, so Zuinglius with his copied the Epistles
of St. Paul. The only editions of the New Testament then in existence
were of large size, and Zuinglius wished to have one which he could
carry about with him.[669] These Epistles he learned by heart, as he
did afterwards the other books of the New, and a part of the Old
Testament. Thus his heart became always more attached to the
sovereign authority of the Word of God. He was not satisfied with
merely acknowledging this; he was, moreover, desirous to bring his
life into true subjection to it. His views gradually became more
decidedly Christian. The end for which he had been brought into this
desert was accomplished. It is no doubt true that Zurich is the place
where his whole soul became thoroughly pervaded with Christian
principle; but even now at Einsidlen he made decided progress in the
work of sanctification. At Glaris he had taken part in the
amusements of the world; at Einsidlen he was more anxious for a
life unsullied by any taint of worldliness. Beginning to have a better
idea of the great spiritual interests of the people, he gradually
learned what God designed to teach him.
Providence had also other views in bringing him to
Einsidlen. Here he obtained a nearer view of the ZUINGLIUS AND
SUPERSTITION.
superstitions and abuses which had invaded the
Church. An image of the Virgin which was carefully preserved in this
monastery, had, it was said, the power of working miracles. Above
the gate of the Abbey appeared this presumptuous inscription:
—"Here is obtained a plenary remission of all sins." A multitude of
pilgrims flocked to Einsidlen from all parts of Christendom, to merit
this grace by their pilgrimage. The church, the abbey, and the whole
valley were crowded with devout worshippers on the festivals of the
Virgin. But it was especially at the grand festival of "the consecration
of the angels," that the hermitage was crowded to overflowing.
Thousands of individuals of both sexes climbed the acclivity of the
hill leading to the oratory, singing hymns and counting their beads.
These devout pilgrims crowded into the Church, thinking they were
there nearer God than any where else.
The residence of Zuinglius at Einsidlen was, in regard to the
exposure of papal abuses, similar in effect to Luther's visit to Rome.
Zuinglius' education for reformer was completed at Einsidlen. God
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

ebookbell.com