Domain: gravatar.com
Stories and comments across the archive that link to gravatar.com.
Comments · 8
-
Re:A white, moderate conservative, overweight male
OK, I'm thinking of a football player, but all I see is a tub of lard.
-
Re:Oh fuck
-
Re:So let's change the algorithm.
The salt doesn't have to be known. Gratar URLs work like this
http://en.gravatar.com/site/implement/url
The association email -> avatar is done through a MD5 hash function. If you register to a website with username@mailprovider.com, the website will compute the hash of your email address (in this case 476c8a979eed603fb855dca149c7af6b) and associate the avatar url
http://www.gravatar.com/avatar/476c8a979eed603fb855dca149c7af6b?d=identicon
to your profile. All other websites using gravatars will associate the same url to your profile, because the computation of
md5sum ( username@mailprovider.com )
will always yield the same result.Now if you only want to use it to stop people smurfing you could salt
md5 ( 'my site salt' + 'username@mailprovider.com' ) instead of just md5 ( 'my site salt' + 'username@mailprovider.com' )
You could give people an option to not salt too, if they want to be recognisable across sites.
Of course you'd have to verify the email address for this to work. Or you could md5 ( 'salt'+'password') (or even 'salt' + 'IP address' ) instead and not have accounts at all. Mind you then you'd just have a 4chan style tripcode. Still it does stop smurfing.
-
Re:So let's change the algorithm.
The salt doesn't have to be known. Gratar URLs work like this
http://en.gravatar.com/site/implement/url
The association email -> avatar is done through a MD5 hash function. If you register to a website with username@mailprovider.com, the website will compute the hash of your email address (in this case 476c8a979eed603fb855dca149c7af6b) and associate the avatar url
http://www.gravatar.com/avatar/476c8a979eed603fb855dca149c7af6b?d=identicon
to your profile. All other websites using gravatars will associate the same url to your profile, because the computation of
md5sum ( username@mailprovider.com )
will always yield the same result.Now if you only want to use it to stop people smurfing you could salt
md5 ( 'my site salt' + 'username@mailprovider.com' ) instead of just md5 ( 'my site salt' + 'username@mailprovider.com' )
You could give people an option to not salt too, if they want to be recognisable across sites.
Of course you'd have to verify the email address for this to work. Or you could md5 ( 'salt'+'password') (or even 'salt' + 'IP address' ) instead and not have accounts at all. Mind you then you'd just have a 4chan style tripcode. Still it does stop smurfing.
-
nope
that addy has a different icon
-
Public address
-
Don't use Gravatar
This is exactly the reason I don't use Gravatar. They even tell everyone they are morons right here:
http://en.gravatar.com/site/implement/urlI didn't know anything about them except that someone in a forum was describing how you could have the same avatar in compatible forums that you participate in. The second I read that your hashed email address was part of the URL I turned around and never looked back knowing full well that if someone wanted to, they could eventually get my email address.
-
already done
Perhaps someone ought to tell these people that Gravatar has already done this.