Alec Muffett


Alec has worked in host and network security for 30 years, more than 22 of those in industry, holding senior consulting, architecture and engineering roles at Sun Microsystems and Facebook. He is a member of the Board of Directors of the Open Rights Group, a member of the Security and Privacy Executive of the British Computer Society, and a Principal Engineer at Deliveroo.

Alec is noted for his work in password security (Crack, CrackLib, the “sunmd5” hashing algorithm), for creating Facebook’s Tor onion site, for leading the team which added end-to-end encryption to Facebook Messenger, and more recently for assisting the New York Times with creation of their own onion site.

In spare time, Alec moonlights as a media-resource & speaker, security-evangelist and polemicist, specialising in end-to-end-secure communication, privacy, and civil liberties.

Quick Links

Early History

Alec graduated with a degree in Astronomy from UCL in 1988.

He spent the following three years working at UCW Aberystwyth as a systems programmer, aiding their transition from VMS and Honeywell GCOS-3, to Unix. There he developed the password-cracking suite Crack – later Cracklib – and released it upon USENET to much notoriety. He also authored and subsequently edited the first USENET Security FAQ.

From that point forwards, see LinkedIn.


  1. Security Rots Over Time. (SOURCE)
  2. Everybody Deserves Good Security.
  3. There Is No Such Thing As “Security”.
  4. Every Internet Freedom Is Someone Else’s Internet Problem.
  5. If you’re doing something and you don’t have at least two reasons for doing it, you’re probably doing something wrong.

Partial Bibliography

** denotes peer review process; see also /alecm/presentations/

  • **MPQS with Three Large Primes (ANTS 2002: Sydney) Paul C. Leyland, Arjen K. Lenstra, Bruce Dodson, Alec Muffett, Sam Wagstaff
  • **Factorization of a 512-Bit RSA Modulus (EUROCRYPT 2000) Stefania Cavallar, Bruce Dodson, Arjen K. Lenstra, Walter M. Lioen, Peter L. Montgomery, Brian Murphy, Herman te Riele, Karen Aardal, Jeff Gilchrist, Gerard Guillerm, Paul C. Leyland, Joel Marchand, Francois Morain, Alec Muffett, Chris Putnam, Craig Putnam, Paul Zimmermann
  • Bruce: A Java-based Security Auditing Framework (UKUUG 1999) (DOWNLOAD)
  • SENSS Bruce (USENIX “;login:” Magazine 1999) (LINK) (COLLATERAL1) (COLLATERAL2)
  • Programming Holes that will hose your System Security (Cambridge 1997) Public lecture presented at the University of Cambridge. (DOWNLOAD)
  • The BlackNet 384-bit PGP key has been BROKEN (1995) Alec Muffett, Paul Leyland, Arjen Lenstra, Jim Gillogly (LINK)
  • WAN-Hacking with AutoHack (USENIX SECURITY 1995) Alec Muffett First description of a hyper-scalable vulnerability auditing tool, designed to deal with networks of 30,000+ hosts. (PDF) (SLIDES)
  • How To Build Your Own Network Intrusion Kit (AAA 1995) Tongue-in-cheek security presentation to the Access All Areas conference. (DIR)
  • Proper Care and Feeding of Firewalls (JANET 1994) Early paper detailing firewalling concepts, design, and selection. (DOWNLOAD)
  • USENET Security FAQ (1993) Final draft of approximately two years of USENET FAQ postings. Very dated but still useful in parts. (DOWNLOAD)
  • Crack v4.1 – A Sensible Password Checker for Unix (1991) Manual / whitepaper for Crack v4.1, reference only, now superceded. (DOWNLOAD)


Method and apparatus for implementing a pluggable password obscuring mechanism – Inventors: Darren J. Moffat, Casper H. Dik, Alec Muffett.

Software Publications

  • Crack 5.0a A Password Cracker – if you have a problem with Crack, or any question regarding it whatsoever, please see the (FAQ); also (HUMOUR) (DIR)
  • CrackLib v2.7 Password Checking Library – see the new CrackLib homepage for details and downloads! (LEGACY)
  • SnarfNews v1.4 USENET Transport Toolkit (DIR)
  • ASP v3.5 Scrolling / Animated “.plan compiler” (DIR)
  • MHR v2.2 Shell frontend for MH mailer (DIR)


(c) Alec Muffett 2017, licensed under CC-BY-SA (