Alec Muffett


Alec is a freelance blogger, speaker, software engineer and computer/network security consultant who has been working in that field almost constantly since 1988.

He is on the board of directors for the Open Rights Group.

Ancient History

Alec graduated with a degree in Astronomy from UCL in 1988.

He spent the following three years working at UCW Aberystwyth as a systems programmer, aiding their transition from VMS and Honeywell GCOS-3, to Unix. There he developed the password-cracking suite Crack – later Cracklib – and released it upon USENET to much notoriety. He also authored and subsequently edited the first USENET Security FAQ.

From that point forwards, see LinkedIn; it’s basically a resume.

Partial Bibliography

Papers in red denote peer review process.

  • MPQS with Three Large Primes (ANTS 2002: Sydney) Paul C. Leyland, Arjen K. Lenstra, Bruce Dodson, Alec Muffett, Sam Wagstaff
  • Factorization of a 512-Bit RSA Modulus (EUROCRYPT 2000) Stefania Cavallar, Bruce Dodson, Arjen K. Lenstra, Walter M. Lioen, Peter L. Montgomery, Brian Murphy, Herman te Riele, Karen Aardal, Jeff Gilchrist, Gerard Guillerm, Paul C. Leyland, Joel Marchand, Francois Morain, Alec Muffett, Chris Putnam, Craig Putnam, Paul Zimmermann
  • Bruce: A Java-based Security Auditing Framework (UKUUG 1999) (DOWNLOAD)
  • SENSS Bruce (USENIX “;login:” Magazine 1999) (LINK) (COLLATERAL1) (COLLATERAL2)
  • Programming Holes that will hose your System Security (Cambridge 1997) Public lecture presented at the University of Cambridge. (DOWNLOAD)
  • The BlackNet 384-bit PGP key has been BROKEN (1995) Alec Muffett, Paul Leyland, Arjen Lenstra, Jim Gillogly (LINK)
  • WAN-Hacking with AutoHack (USENIX SECURITY 1995) Alec Muffett First description of a hyper-scalable vulnerability auditing tool, designed to deal with networks of 30,000+ hosts. (PAPER) (SLIDES)
  • How To Build Your Own Network Intrusion Kit (AAA 1995) Tongue-in-cheek security presentation to the Access All Areas conference. (DOWNLOAD) (README)
  • Proper Care and Feeding of Firewalls (JANET 1994) Early paper detailing firewalling concepts, design, and selection. (DOWNLOAD)
  • USENET Security FAQ (1993) Final draft of approximately two years of USENET FAQ postings. Very dated but still useful in parts. (DOWNLOAD)
  • Crack v4.1 – A Sensible Password Checker for Unix (1991) Manual / whitepaper for Crack v4.1, reference only, now superceded. (DOWNLOAD)


Method and apparatus for implementing a pluggable password obscuring mechanism – Inventors: Darren J. Moffat, Casper H. Dik, Alec Muffett.

Software Publications