Alec David Edward Muffett
April 22, 1968
|Occupation||Internet-security evangelist, architect, and software engineer|
Alec David Edward Muffett (born April 22, 1968) is an Anglo-American internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the open-source software community.
Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009 (shortly before Oracle acquired Sun). While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999. Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.
The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing". After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He was a director of the Open Rights Group from October 2011 until January 2020. Muffett blogs professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being a frequent presenter at technical conferences.
Muffett is a co-inventor (with Darren Moffat and Casper Dik) of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.
In 2015 Muffett was named as one the Top 6 influential security thinkers by SC Magazine. In October of that year he coauthored  RFC 7686 "The ".onion" Special-Use Domain Name", with Jacob Applebaum.
Previously, Muffett worked as a software engineer for Facebook, leading the team which added end-to-end encryption to Facebook Messenger. Currently, he works as Principal Engineer, Infrastructure Security at Deliveroo.
- "Alec Muffett, Profile". LinkedIn. Retrieved 30 January 2020.
- RSA-155 is factored! Archived 2012-07-22 at the Wayback Machine, rsa.com; accessed March 23, 2017.
- passlib.hash.sun_md5_crypt - Sun MD5 Crypt, packages.python.org; accessed March 23, 2017.
- Muffett, Alec (5 December 2005). "OpenSolaris, Pluggable Crypt, and the SunMD5 Password Hash Algorithm". Dropsafe. Retrieved 30 January 2020.
- "Open Rights Group Board". Open Rights Group. Retrieved 30 Jan 2020.
- Alec Muffett's Speaking History, Lanyrd.
- "Patent: Method and apparatus for implementing a pluggable password obscuring mechanism", Google Patents.
- Top 6 influential security thinkers
- RFC 7686 "The ".onion" Special-Use Domain Name"
- The New York Times is Now Available as a Tor Onion Service NYT
- Wikipedia over Tor? Alec Muffett experiments with an Onion Wikipedia site
- I've retired from FB now Twitter
- "Alec Muffett". Deliveroo engineering team blog. Retrieved 30 January 2020.