Alec Muffett - Wikipedia
Alec Muffett
Alec David Edward Muffett (born April 22, 1968) is an Anglo-American internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the open-source software community.
Alec Muffett
BornAlec David Edward Muffett
April 22, 1968 (age 53)
OccupationInternet-security evangelist, architect, and software engineer
Tech career
Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009[1] (shortly before Oracle acquired Sun). While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999.[2] Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.[3]
The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing".[4] After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He was a director of the Open Rights Group from October 2011 until January 2020.[1][5] Muffett has blogged professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being a frequent presenter at technical conferences.[6]
Muffett is a co-inventor (with Darren Moffat and Casper Dik) of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.[7]
In 2015 Muffett was named as one of the Top 6 influential security thinkers by SC Magazine.[8] In October of that year he coauthored [9] RFC 7686 "The ".onion" Special-Use Domain Name", with Jacob Applebaum.
More recently, Muffett assisted the New York Times with the creation of their own Tor onion site.[10] Following that he created a temporary Onion Wikipedia site, accessible only over Tor,[11] and assisted building further onion sites for BBC News[12] and Brave[13]
Previously, Muffett has worked as a software engineer for Facebook, leading the team which added end-to-end encryption to Facebook Messenger.[14] and as Principal Engineer, Infrastructure Security at Deliveroo.[15]
In July 2020 Muffett shared DoHoT (DNS over HTTPS over Tor) which tunnels DoH queries over Tor with a reasonable latency.[16]

Muffett is active on Twitter[17] where he regularly comments on subjects such as end-to-end encryption. [18] Some have characterised some of Muffett's tweeting as rude, [19] bullying, [20] or toxic discussion. [21]
In December 2020 Muffett characterized the Facebook–Cambridge Analytica data scandal as a consequence of the “somewhat-forced opening of Facebook's APIs to enable competition”, [22] while others say that it was Facebook's lax policy that allowed apps to access data from a user's friends by default. [23]
In 2020 Muffett criticized the irony of a NYU political ad targeting research tool on the basis that it was architecturally similar to other, contentious privacy technologies. [24] Facebook attempted to shut the project down. [25]
I am so *over* transparency activists who, at the first whiff of opportunity, go ahead and create precisely the same kind & shape of tools which privacy activists complain about. But not, of course, vice versa.
— Alec Muffett, October 24, 2020, [26]
  1. ^ a b "Alec Muffett, Profile". LinkedIn. Retrieved 30 January 2020.
  2. ^ RSA-155 is factored! Archived 2012-07-22 at the Wayback Machine,; accessed March 23, 2017.
  3. ^ passlib.hash.sun_md5_crypt - Sun MD5 Crypt,; accessed March 23, 2017.
  4. ^ Muffett, Alec (5 December 2005). "OpenSolaris, Pluggable Crypt, and the SunMD5 Password Hash Algorithm". Dropsafe. Retrieved 30 January 2020.
  5. ^ "Open Rights Group Board". Open Rights Group. Retrieved 30 Jan 2020.
  6. ^ Alec Muffett's Speaking History, Lanyrd.
  7. ^ "Patent: Method and apparatus for implementing a pluggable password obscuring mechanism", Google Patents.
  8. ^ Top 6 influential security thinkers
  9. ^ RFC 7686 "The ".onion" Special-Use Domain Name"
  10. ^ The New York Times is Now Available as a Tor Onion Service NYT
  11. ^ Wikipedia over Tor? Alec Muffett experiments with an Onion Wikipedia site
  12. ^ "Leveraging the Tor Network to circumvent blocking of BBC News content".
  13. ^ " now has its own Tor Onion Service, providing more users with secure access to Brave".
  14. ^ I've retired from FB now Twitter
  15. ^ "Alec Muffett". Deliveroo engineering team blog. Retrieved 30 January 2020.
  16. ^ "alecmuffett/dohot: DoHoT: making practical use of DNS over HTTPS over Tor".
  17. ^ Alec Muffett @AlecMuffett
  18. ^ AlecMuffett's tweets Twitter
  19. ^ Twitter Twitter
  20. ^ Twitter Twitter
  21. ^ Twitter Twitter
  22. ^ AlecMuffett's tweets Twitter
  23. ^ "Facebook's Lax Data Policies Led to Cambridge Analytica Crisis".
  24. ^ "Ad-Blocker Ghostery Actually Helps Advertisers, If You "Support" It".
  25. ^ "Facebook Seeks Shutdown of NYU Research Project Into Political Ad Targeting".
  26. ^ Twitter Twitter
External links
Last edited on 28 April 2021, at 20:41
Content is available under CC BY-SA 3.0 unless otherwise noted.
Privacy policy
Terms of Use
HomeRandomNearbyLog inSettingsDonateAbout WikipediaDisclaimers