Alec Muffett

Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose “through the ranks” to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009[1] (shortly before Oracle acquired Sun). While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999.[2] Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett's work in pluggable crypt, and it is now implemented in many different languages, for example Python.[3]

The algorithm uses the complete text of the famous soliloquy from Shakespeare's Hamlet: "To be or not to be, that is the question..." as the constant data. Muffett justified the choice of this text because "it exposes more programmers to Shakespeare, which has got to be a good thing".[4] After a sabbatical year, Muffett began to work on The Mine! Project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He was a director of the Open Rights Group from October 2011 until January 2020.[1][5] Muffett has blogged professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being a frequent presenter at technical conferences.[6]

Muffett is a co-inventor (with Darren Moffat and Casper Dik) of the patent "Method and apparatus for implementing a pluggable password obscuring mechanism", United States Patent 7,249,260, Issued June 12, 2003.[7]

In 2015 Muffett was named as one the Top 6 influential security thinkers by SC Magazine.[8] In October of that year he coauthored [9] RFC 7686 "The ".onion" Special-Use Domain Name", with Jacob Applebaum.

More recently, Muffett assisted the New York Times with the creation of their own Tor onion site.[10] Following that he created a temporary Onion Wikipedia site, accessible only over Tor,[11] and assisted building further onion sites for BBC News[12] and Brave[13]

Previously, Muffett has worked as a software engineer for Facebook, leading the team which added end-to-end encryption to Facebook Messenger.[14] and as Principal Engineer, Infrastructure Security at Deliveroo.[15]

In July 2020 Muffett shared DoHoT (DNS over HTTPS over Tor) which tunnels DoH queries over Tor with a reasonable latency.[16]

Muffett is active on Twitter[17] where he regularly comments on subjects such as end-to-end encryption. [18] Some have characterised some of Muffett's tweeting as rude, [19] bullying, [20] or toxic discussion. [21]

In December 2020 Muffett characterized the Facebook–Cambridge Analytica data scandal as a consequence of the “somewhat-forced opening of Facebook's APIs to enable competition”, [22] while others say that it was Facebook's lax policy that allowed apps to access data from a user's friends by default. [23]

In 2020 Muffett criticized the irony of a NYU political ad targeting research tool on the basis that it was architecturally similar to other, contentious privacy technologies. [24] Facebook attempted to shut the project down. [25]

I am so *over* transparency activists who, at the first whiff of opportunity, go ahead and create precisely the same kind & shape of tools which privacy activists complain about. But not, of course, vice versa.

— Alec Muffett, October 24, 2020, [26]

• Personal blog
• Factorization of a 512 Bit RSA Modulus
• Crypticide I: Thirteen Years of Crack