Alec Muffett

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Alec Muffett
Alec muffett.jpg
Alec David Edward Muffett

(1968-04-22) April 22, 1968 (age 50)
OccupationInternet-security evangelist, architect, and software engineer

Alec David Edward Muffett (born April 22, 1968) is an Anglo-American internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the open-source software community. He worked[1] as a Software Engineer for Facebook.

Early life[edit]

Alec Muffett was born in Pennsylvania, the third child, and only son, of David Joseph Mead Muffett and Kathleen Jubb; his sisters are Louise and Amanda. Alec was educated at Sacred Heart College, Droitwich and University College London, where he studied Astronomy.

After graduation he commenced work as a lab assistant and Unix administrator at the university. In 1988 he took a position as Systems Programmer at the University of Wales in Aberystwyth, and it was there that he wrote the first version of the dictionary attack tool Crack. He was active on the Zardoz list during this period.

Tech career[edit]

Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009[2] (shortly before Oracle acquired Sun). While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999.[3] Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.[4]

The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing".[5] After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He became a director of the Open Rights Group in October 2011.[6] Muffett blogs professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being an frequent presenter at technical conferences.[7]

Muffett is a co-inventor (with Darren Moffat and Casper Dik) of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.[8]

Personal life[edit]

Muffett's father, David,[9] was a former British Colonial Administrator in Africa, big game hunter and professor of African studies at Duquesne University at Pittsburgh.[10][11]

Alec Muffett lives in Hartley Wintney, Hampshire, England.[citation needed]


  1. ^ I've retired from FB now Twitter
  2. ^ [1], LinkedIn; accessed March 23, 2017.
  3. ^ RSA-155 is factored! Archived 2012-07-22 at the Wayback Machine.,; accessed March 23, 2017.
  4. ^ passlib.hash.sun_md5_crypt - Sun MD5 Crypt,; accessed March 23, 2017.
  5. ^ [2] OpenSolaris, Pluggable Crypt, and the SunMD5 Password Hash Algorithm
  6. ^ [3] Board of Directors, Open Rights Group
  7. ^ Alec Muffett's Speaking History, Lanyrd.
  8. ^ "Patent: Method and apparatus for implementing a pluggable password obscuring mechanism", Google Patents.
  9. ^ Muffett lived a life full of cannibals and councils,; accessed 23 March 2017.
  10. ^ David Muffett - obituary, Telegraph.
  11. ^[permanent dead link]

External links[edit]

Alec Muffett: Almost Everything You Ever Wanted To Know About Security

Alec Muffett, Proper Care and Feeding of Firewalls

Alec Muffett, WAN-hacking with AutoHack, Auditing security behind the firewall