Alec Muffett

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Alec Muffett
Alec muffett.jpg
Alec David Edward Muffett

(1968-04-22) April 22, 1968 (age 52)
OccupationInternet-security evangelist, architect, and software engineer

Alec David Edward Muffett (born April 22, 1968) is an Anglo-American internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the open-source software community.

Tech career[edit]

Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009[1] (shortly before Oracle acquired Sun). While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999.[2] Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.[3]

The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing".[4] After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He was a director of the Open Rights Group from October 2011 until January 2020.[1][5] Muffett blogs professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being a frequent presenter at technical conferences.[6]

Muffett is a co-inventor (with Darren Moffat and Casper Dik) of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.[7]

In 2015 Muffett was named as one the Top 6 influential security thinkers by SC Magazine.[8] In October of that year he coauthored [9] RFC 7686 "The ".onion" Special-Use Domain Name", with Jacob Applebaum.

More recently, Muffett assisted the New York Times with the creation of their own Tor onion site.[10] Following that he created an Onion Wikipedia site, accessible only over Tor. [11]

Previously, Muffett worked as a software engineer for Facebook, leading the team which added end-to-end encryption to Facebook Messenger.[12] Currently, he works as Principal Engineer, Infrastructure Security at Deliveroo.[13]


  1. ^ a b "Alec Muffett, Profile". LinkedIn. Retrieved 30 January 2020.
  2. ^ RSA-155 is factored! Archived 2012-07-22 at the Wayback Machine,; accessed March 23, 2017.
  3. ^ passlib.hash.sun_md5_crypt - Sun MD5 Crypt,; accessed March 23, 2017.
  4. ^ Muffett, Alec (5 December 2005). "OpenSolaris, Pluggable Crypt, and the SunMD5 Password Hash Algorithm". Dropsafe. Retrieved 30 January 2020.
  5. ^ "Open Rights Group Board". Open Rights Group. Retrieved 30 Jan 2020.
  6. ^ Alec Muffett's Speaking History, Lanyrd.
  7. ^ "Patent: Method and apparatus for implementing a pluggable password obscuring mechanism", Google Patents.
  8. ^ Top 6 influential security thinkers
  9. ^ RFC 7686 "The ".onion" Special-Use Domain Name"
  10. ^ The New York Times is Now Available as a Tor Onion Service NYT
  11. ^ Wikipedia over Tor? Alec Muffett experiments with an Onion Wikipedia site
  12. ^ I've retired from FB now Twitter
  13. ^ "Alec Muffett". Deliveroo engineering team blog. Retrieved 30 January 2020.

External links[edit]