We present the CASRUL tool for analyzing cryptographic protocols
specifications in a model where the intruder has complete control of
the communications network. CASRUL verifies the executability of
protocols and compile them into transition rules that can be processed
by several back-ends such as model-checkers or theorem-provers. In
our model the existence of an attack can be encoded as a constraint
solving problem for an intruder. We discuss some decidability and
complexity issues concerning the protocol insecurity problem. In
particular the problem is NP-complete for a finite number of sessions
with composed encryption keys and for several extensions of Dolev-Yao
intruder.