Alec David Edward Muffett born April 22, 1968 is a internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack, the original Unix password cracker, and for the CrackLib password-integrity testing library; he is also active in the Open Source software community. Alec Muffett was born in Pennsylvania, the third child, and only son, of David Joseph Mead Muffett and Kathleen Jubb; his sisters are Louise and Amanda. Alec was educated at Sacred Heart College, Droitwich and University College London, where he studied Astronomy. 1 After graduation he commenced work as a lab assistant and Unix administrator at the university. In 1988 he took a position as Systems Programmer at the University of Wales in Aberystwyth, and it was there that he wrote the first version of the dictionary attack tool Crack. He was active on the Zardoz list during this period. Muffett joined Sun Microsystems in 1992, working initially as a systems administrator. He rose through the ranks to become the Principal Engineer for Security, a position which he held until he was retrenched, with many others, in 2009 2 shortly before Oracle acquired Sun. While at Sun he was one of the researchers who worked on the factorization of the 512 bit RSA Challenge Number; RSA-155 was successfully factorized in August 1999. 3 Muffett also worked on the Sun MD5 hash algorithm, which was introduced in Solaris 9 update 2. The new algorithm drew on Muffett s work in pluggable crypt, and it is now implemented in many different languages, for example Python. 4 The algorithm uses the complete text of the famous soliloquy from Shakespeare s Hamlet: To be or not to be, that is the question as the constant data. Muffett justified the choice of this text because it exposes more programmers to Shakespeare, which has got to be a good thing. 5 After a sabbatical year, Muffett began to work on The Mine. Project project, as lead developer. He subsequently became a director and consultant at Green Lane Security; he also consults for Surevine. He became a director of the Open Rights Group in October 2011. 6 Muffett blogs professionally, for Computer World at Unscrewing Security and personally at Dropsafe, and has numerous publications to his credit, besides being an frequent presenter at technical conferences. 7 Muffett is the a co-inventor with Darren Moffat and Casper Dik of the patent Method and apparatus for implementing a pluggable password obscuring mechanism, United States Patent 7,249,260, Issued June 12, 2003. 8 Alec Muffett s father, David, was a larger than life character: 9 a former British Colonial Administrator in Africa, big game hunter and professor of African studies at Duquesne University at Pittsburgh. 10 Alec has inherited many of his father s characteristics, and an appreciation of his approach to life, and security, can be gained by watching his famous Defence in depth: castle assault video.

Muffett lives in Hartley Wintney, Hampshire, United Kingdom and his interests include cooking, photography and bicycles citation needed. He works as a Software Engineer for Facebook. References edit

1, ONEIS Bio.

2, LinkedIn - Alec Muffett.

3 RSA-155 is factored.

4 passlib.hash.sun_md5_crypt - Sun MD5 Crypt

5 OpenSolaris, Pluggable Crypt, and the SunMD5 Password Hash Algorithm

6 Board of Directors, Open Rights Group

Alec Muffett s Speaking History, Lanyrd.

Patent: Method and apparatus for implementing a pluggable password obscuring mechanism, Google Patents.

Muffett lived a life full of cannibals and councils. Worcester News.

David Muffett - obituary, Telegraph.

External links edit

Factorization of a 512 Bit RSA Modulus

Crypticide I: Thirteen Years of Crack

Alec Muffett: Almost Everything You Ever Wanted To Know About Security

Alec Muffett, Proper Care and Feeding of Firewalls

Alec Muffett, WAN-hacking with AutoHack, Auditing security behind the firewall.

I was recently reading a book and i saw that theres the program crack for are easy to crack using the program crack by Alec Muffet or Alec Muffett, 1991.

Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems 1 2 3 4 and later the first to introduce programmable dictionary generation. Crack began in 1990 when Alec Muffett, a Unix system administrator at the University of Wales Aberystwyth was trying to improve Dan Farmer s pwc cracker in COPS and found that by re-engineering its memory management he got a noticeable performance increase. This led to a total rewrite 5 which became Crack v2.0 and further development to improve usability.

Contents

1 Public Releases

2 Legal issues arising from using Crack

3 Programmable dictionary generator

4 Network distributed password cracking

5 See also

6 References

7 External links

Public Releases edit

The first public release of Crack was version 2.7a, which was posted to the Usenet newsgroups alt.sources and alt.security on 15 July 1991. Crack v3.2a fcrypt, posted to comp.sources.misc on 23 August 1991, introduced an optimised version of the Unix crypt function but was still only really a faster version of what was already available in other packages. The release of Crack v4.0a on 3 November 1991, however, introduced several new features that made it a formidable tool in the system administrators arsenal. Programmable dictionary generator

Network distributed password cracking

Crack v5.0a 6 released in 2000 did not introduce any new features, but instead concentrated on improving the code and introducing more flexibility, such as the ability to integrate other crypt variants such as those needed to attack the MD5 password hashes used on more modern Unix, Linux and Windows NT 7 systems. It also bundled Crack v6 - a minimalist password cracker and Crack v7 - a brute force password cracker. GCUF is a very lRGE UNIVERISTY

Legal issues arising from using Crack edit

Randal L. Schwartz, a notable Perl programming expert, in 1995 was prosecuted for using Crack 8 9 on the password file of a system at Intel, a case the verdict of which was eventually expunged. 10

Crack was also used by Kevin Mitnick when hacking into Sun Microsystems in 1993. 11

Programmable dictionary generator edit

While traditional password cracking tools simply fed a pre-existing dictionary of words through the crypt function Crack v4.0a introduced the ability to apply rules to this word list to generate modified versions of these word lists. These could range from the simple do not change to the extremely complex - the documentation gives this as an example:

X 8l/i/olsi1so0

Reject the word unless it is less than 8 characters long, lowercase the word, reject it if it does not contain both the letter i and the letter o, substitute all i s for 1 s, substitute all o s for 0 s, and append an sign. These rules could also process the GECOS field in the password file, allowing the program to use the stored names of the users in addition to the existing word lists. Crack s dictionary generation rule syntax was subsequently borrowed 12 and extended 13 by Solar Designer for John the Ripper. The dictionary generation software for Crack was subsequently reused by Muffett 14 to create CrackLib, a proactive password checking library that is bundled with Debian 15 and Red Hat Enterprise Linux-derived 16 Linux distributions. Network distributed password cracking edit

As password cracking is inherently embarrassingly parallel Crack v4.0a introduced the ability to use a network of heterogeneous workstations connected by a shared filesystem as parts of a distributed password cracking effort. All that was required for this was to provide Crack with a configuration file containing the machine names, processing power rates and flags required to build Crack on those machines and call it with the -network option. See also edit

Computer security

Password cracking

References edit

David R. Mirza Ahmad; Ryan Russell 25 April 2002. Hack proofing your network. Syngress. Pp. 181–. ISBN 978-1-928994-70-1. Retrieved 17 February 2012. 

William R. Cheswick; Steven M. Bellovin; Aviel D. Rubin 2003. Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Professional. Pp. 129–. ISBN 978-0-201-63466-2. Retrieved 17 February 2012. 

Venema, Wietse 1996-07-01. Murphy s law and computer security. Proceedings of the Sixth USENIX UNIX Security Symposium. Retrieved 2012-02-17. 

Anonymous 2003. Maximum security. Sams Publishing. Pp. 269–. ISBN 978-0-672-32459-8. Retrieved 17 February 2012. 

Muffett, Alec. Crypticide I: Thirteen Years of Crack. Blog post. Retrieved 2012-02-17. 

Muffett, Alec. Crack v5.0. Retrieved 2012-02-17. 

Sverre H. Huseby 15 March 2004. Innocent code: a security wake-up call for Web programmers. John Wiley Sons. Pp. 148–. ISBN 978-0-470-85744-1. Retrieved 17 February 2012. 

Simson Garfinkel; Gene Spafford; Alan Schwartz 17 May 2011. Practical UNIX and Internet Security. O Reilly Media, Inc. Pp. 608–. ISBN 978-1-4493-1012-7. Retrieved 17 February 2012. 

Hakim, Anthony 2004-10-10, Global Information Assurance Certification Paper Global Information Assurance Certification Paper, Intel v. Randal L. Schwartz PDF format requires url help, SANS Institute, p. 5, retrieved 2012-02-17 

Randal Schwartz s Charges Expunged - Slashdot. Retrieved 2012-02-17. 

Mitnick, Kevin 2011. Here comes the Sun. Ghost in the Wires. Little, Brown. ISBN 978-0-316-03770-9.  access-date requires url help

Designer, Solar. John the Ripper - credits. Solar Designer. Retrieved 2012-02-17. 

Designer, Solar. John the Ripper - wordlist rules syntax. Solar Designer. Retrieved 2012-02-17. 

David N. Blank-Edelman 21 May 2009. Automating system administration with Perl. O Reilly Media, Inc. Pp. 461–. ISBN 978-0-596-00639-6. Retrieved 17 February 2012. 

Debian Package Search. Retrieved 2012-02-17. 

CrackLib Enhancement Update. Retrieved 2012-02-17. 

External links edit

Password cracking - A quick guide to success.

• Alec David Edward Muffett born April 22, 1968 is a internet-security evangelist, architect, and software engineer. He is principally known for his work on Crack.
• Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
• SNAIL: Alec Muffett, Computer Unit, Llandinam UCW, Aberystwyth, UK, SY23 3DB Xecho Crack 2.7a Password Cracker by ADE Muffett, 1991 X Xmake X.
• Alec Muffett - Security, Open Source, Social Media Social Networks Crack gets a bit-part in Underground, The Julian Assange Story /cc a.
• PopplesI dont know the alec muffett crack in the developer, but Alec muffett crack gin the belief Popples pop in. Poppins what Does alec muffett crack all alec.