Signed Copies of Data and Goliath

You can now order signed copies of Data and Goliath from my website.

Posted on April 24, 2015 at 2:12 PM • 10 Comments


ryanApril 24, 2015 10:21 PM

I purchased your book on Thursday at the RSA conference and was disappointed that you did now up for your book signing that was scheduled for 12-12:30 at Moscone south.

Nick PApril 24, 2015 11:20 PM

@ 06421

That's a great idea. Bruce cryptographically signing his final PDF and that being printed next to his signature would be a nice gimmick for a famous cryptographer. I'd up it to him physically signing it with the digital signature of his book or his name but that's a lot of writing even with ECC. We'll keep it simple with your scheme.

WaelApril 25, 2015 12:15 AM

@Nick P,

That's a great idea. Bruce cryptographically signing his final PDF

Do you mean his latest PDF, or do you know something we don't? I'm planning to get a copy too in the near future.

Nick PApril 25, 2015 12:55 AM

@ Wael

Lol. The final PDF or whatever format he sent to the publisher for this book. Don't be giving Fate ideas: it's terrifyingly creative as it is.

WaelApril 25, 2015 2:06 AM

@Nick P,

Don't be giving Fate ideas

Yup, you're right... Wasn't my intention! I was actually serious (that's why I didn't put a smiley at the end of the question.) Had you written the "Final revision" of the PDF, we wouldn't be having this discussion. I am now relieved :)

As for a "cryptographic" signature: How would you verify it, and what significance would it have besides it bieng "amusing"?

AnuraApril 26, 2015 2:24 PM


For verifying, if he signs a text-only version, you could just manually copy the text into your computer and verify it that way.

"Hmm... Verification failed, let me check... Aha! He had a typo on page 173 that I didn't copy correctly. Now it passed signature verification!"

WaelApril 26, 2015 5:50 PM


I know you wrote about pencil and paper ciphers a few times... This takes it to an extreme ;) I'd rather have a slide-rule that verifies the signature for me, or perhaps use one of @Thoth's abacuses after he dusts it off... lol :)

AnuraApril 28, 2015 1:37 PM

Okay, you asked for it, a pencil and paper hash function:

Get a code wheel, randomize the inner disk while leaving the outer in order, and initialize a 36 character hash state to 0,1,..,9,A,B,..,Z. Now, take the first and last characters of the state and align those characters the inner and outer wheels, respectively. Now, take the first character from the message and find it on the outer disk, the new first character of the state is the corresponding character on the inner disk. Repeat using the FIRST character of the message for every character in the state, lining up the previous character of the state on the inner disk with the current character of the state on the outer disk. When all 36 characters of the state have been set, do the same for the next character in the message and then repeat until you have consumed the entire message. Then append an underscore followed by the base ten representation of the length of the message.

Once you are done, reduce the state to an 18 character hash using the following method: Line up the zero on the inner wheel with the first character of the state on the outer wheel, then find the nineteenth character on the outer wheel. The first character of the hash is the corresponding character on the inner wheel. Repeat with the second character and the twentieth character, the third and the twenty-first, all the way through the eighteenth and the thirty-sixth character.

Now, you can simply use a hash-based signature scheme to sign it.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.