Alec Muffett


Alec David Edward Muffett is an Anglo-American internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the open-source software community.

Tech career

Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009. While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999. Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.
The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing". After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at ; he also consults for Surevine. He was a director of the Open Rights Group from October 2011 until January 2020.
Muffett blogs professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being a frequent presenter at technical conferences.
Muffett is a co-inventor of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.
In 2015 Muffett was named as one the Top 6 influential security thinkers by SC Magazine. In October of that year he coauthored RFC 7686 "The ".onion" Special-Use Domain Name", with Jacob Applebaum.
More recently, Muffett assisted the New York Times with the creation of their own Tor onion site. Following that he created an Onion Wikipedia site, accessible only over Tor.
Previously, Muffett worked as a software engineer for Facebook, leading the team which added end-to-end encryption to Facebook Messenger. Currently, he works as Principal Engineer, Infrastructure Security at Deliveroo.