Slashdot Mirror


Gravatars Can Leak Users' Email Addresses

abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."

170 comments

  1. So let's change the algorithm. by palegray.net · · Score: 0, Flamebait

    If this is directly related to MD5 (as it would seem), let's hope Gravatar switches to another algorithm. Of course, this won't do much about the existing hashes I suppose.

    1. Re:So let's change the algorithm. by sam0737 · · Score: 3, Insightful

      No, it's not related to MD5 itself. Period.

    2. Re:So let's change the algorithm. by Cryacin · · Score: 1

      I'm sure that there will be a lot more emails offering mostly new Bolex watches in a few inboxes around...

      --
      Science advances one funeral at a time- Max Planck
    3. Re:So let's change the algorithm. by jonesy2k · · Score: 1

      Or just add some salt?

    4. Re:So let's change the algorithm. by palegray.net · · Score: 0, Offtopic

      Really? Are you familiar with MD5 collisions?

    5. Re:So let's change the algorithm. by Mad+Merlin · · Score: 2, Informative

      It's not, any hashing function would be subject to the same problem. If you RTFA you'll find that they just brute force combinations of the user name and common email domains.

      To actually fix this would require not hashing (only) email address, you could mix in some secret salt with the email before hashing, or you could use encryption (with a secret key), or you could just hand out unique identifiers which are associated only in the Gravatar database. I don't know if any of these are feasible for this particular application though.

    6. Re:So let's change the algorithm. by Mad+Merlin · · Score: 1

      A normal implementation of salt (with the salt in plaintext along with the hash) would not help in this case.

    7. Re:So let's change the algorithm. by geekpowa · · Score: 5, Informative

      The attack doesn't rely on MD5 itself or MD5 collisions. It would work no matter what hashing algorithm was used.

    8. Re:So let's change the algorithm. by Mad+Merlin · · Score: 2, Informative

      MD5 collisions actually don't help the attacker here, in fact, an MD5 collision would simply be a false positive for this case (the attacker thinks they've found the email address, but they haven't).

    9. Re:So let's change the algorithm. by palegray.net · · Score: 1

      I did, in fact, RTFA. It points out that even in the absence of search space limiting tricks employed by the author, rainbow tables could be used to achieve the same goal. Adding salt would have made the problem quite a bit tougher for an attacker, but wouldn't have put it completely out of reach. It's quite well known that MD5 shouldn't be used for anything privacy related, given the fact that it's been exploited quite publicly in recent history.

    10. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      Neither changing hash algorithms nor adding a (public) salt would help against this particular kind of attack, which checks a small set of likely email addresses derived from the username associated with the Gravatar ID.

    11. Re:So let's change the algorithm. by palegray.net · · Score: 1

      Yeah, I read it wrong :). Salt probably would've helped a bunch, though.

    12. Re:So let's change the algorithm. by Firehed · · Score: 4, Insightful

      I disagree.

      Granted, those are basically very unsophisticated databases that just store lookup values, but it's relatively easy to bruteforce an MD5 hash down into one of the possible original strings (obviously with any algorithm that has a fixed output size with limitless inputs like MD5 there are infinite inputs that will hash down to a single md5sum, but when you're trying to get a valid email address out of a hash it's easy to pick the right one). Couple that with the fact that in this situation, you know that the entire string is lowercased and probably 60% of the gravatar emails (probably more like 90% actually) are going to come from one of four or five domains... reversal becomes quite easy. If you're bored, you could spin up a few Amazon EC2 or Rackspace Cloud Server instances to dump out some large tables. One each for gmail, yahoo, msn, aol, whatever else; it'd be a very simple script to make. You could probably cover every alphanumeric email address under 12 characters overnight, at a cost of about a dollar and ten minutes of scripting.

      The thing to realize here is that gravatar doesn't md5 emails to hide them from people who want to obscure their identity, just to obscure them from spambots. So it's really a non-issue. If you're that concerned, leave your blog comments with a fake email address.

      --
      How are sites slashdotted when nobody reads TFAs?
    13. Re:So let's change the algorithm. by Firehed · · Score: 1

      In order for Gravatar to work, the algorithm has to be publicly known. Which means every site uses the same salt (pointless) or each domain has its own salt, which can be determined from the referrer header (not only also pointless since a potential attacker knows what site they're on, but it would also make the service pretty much impossible to implement). The only other option would be two-way encryption with some sort of per-domain shared key, but given that most of the point of Gravatar is simplicity of implementation, that's just not going to happen.

      --
      How are sites slashdotted when nobody reads TFAs?
    14. Re:So let's change the algorithm. by jamesh · · Score: 2, Interesting

      It's quite well known that MD5 shouldn't be used for anything privacy related, given the fact that it's been exploited quite publicly in recent history.

      An email address isn't private... I suspect that MD5 was just a convenient way to get a fixed length id. I'd be more worried about collisions, but I'm too lazy to calculate how many avatars would be required before that might become a problem.

    15. Re:So let's change the algorithm. by mlts · · Score: 1

      You hit the nail on the head. If one uses these, they should either use an alias (I know Hushmail and Yahoo both offer alias functionality) that they can filter incoming mail with.

      Even better, because Gravatar is essentially Alice and Bob, they should have gone with either a salt (64 bits is "meh", 128 is decent, 256 is good for the foreseeable future), SHA-256, and toss in a site key that only their backend database knows. This way, it would be immensely difficult to associate the hash with an E-mail address even if the attacker suspected both were connected.

      Best of all would be just to have Gravatar use random nonces and have their backend database store the nonce -> user tuple. This way, there is no algorithm that would allow an attacker to correlate decisively the pictures and E-mail addresses. Even better would be a many to one ratio so a user can have hundreds of nonces, so an attacker couldn't use frequency guessing to figure out an E-mail address.

    16. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      Actually, using an algorithm that takes orders of magnitude longer to compute such as 1000 md5's of the email (barring that 1000 md5's won't reduce to something relatively simple, no one knows), would make this type of bruteforcing uneconomical.

      As someone else pointed out, you can't use a secret hash as any site implementing the gravatar would need to know it.
      Whatever information gravatar has the site needs as well to compute the hash, and if the site has it, it's safe to assume that the attacker has it IMO.

    17. Re:So let's change the algorithm. by Korin43 · · Score: 3, Interesting

      What I'm wondering is why this matters at all. A spammer would just send emails [your username]@[every common email domain]. Why would they bother to check if it's the correct address or not?

    18. Re:So let's change the algorithm. by broken_chaos · · Score: 3, Informative

      Not really, since the salt would need to be publicly known for Gravatar to work (and it would break any backwards compatibility to add it in now). This was a 'social engineering' attack, not a rainbow table lookup – it pieced the name together with common providers to find a matching MD5. Salt would just add a single extra step.

      I believe it's exactly the same problem/attack as was brought up about MicroID in the past. The idea of Pavatar is a much better way to do this sort of avatar-finding (though the decentralisation comes with its own problems), since it relies on a public web address instead of a semi-private e-mail address.

    19. Re:So let's change the algorithm. by Eivind · · Score: 3, Insightful

      Doubt it. There's 26 letters and 10 digits, in addition to that . is very common in email-addresses. Thus you get 37 possibilities for each position. 37 to the 12th power is 6582952005840035281 hashes to run, and even if you do 10^9 Hz (i.e. one giga-hash-a-second, which would require on the order of a few hundred cores), you'd still need 208 years to do that many hashes -- then you need to look up each of them in gravatar, and analyze the result for a hit-or-miss.

      "every alphanumeric email-address under 12 characters" is in fact much too large a keyspace to reasonably cover overnight with a "very simple script".

      It's not a large enough keyspace to be cryptographically secure, but it's large enough to not be trivially exhaustible.

    20. Re:So let's change the algorithm. by JoshuaZ · · Score: 1

      There are two attacks here. The primary attack has absolutely nothing to do with the hash used. They just checked based on user names likely email addresses. The example given was from User Michael Smith to then check things like michael.smith@majoremailprovider.com and so on. This method, which nowhere uses anything about MD5 got around 10% of the emails. Another attack which did use hash collision detections only got 1%.

    21. Re:So let's change the algorithm. by QuoteMstr · · Score: 1

      You're dead on about using thousands of hashes. The practice hurts an attacker far more than it hurts legitimate users. It's called key stretching, or key strengthening.

    22. Re:So let's change the algorithm. by Anonymous Coward · · Score: 1, Funny

      I think you need to stop giving crypto advice for the day, it's not going very well.

    23. Re:So let's change the algorithm. by Krizdo4 · · Score: 1

      So keep the salt secret to the server so at least someone has to brute force it?

    24. Re:So let's change the algorithm. by maevius · · Score: 1

      Salt could work if it was only known between the web site owner and Gravatar. After all the users only need the hash to download the avatar. But I guess that would be security through obscurity, and we don't want that.

    25. Re:So let's change the algorithm. by seifried · · Score: 1

      But you can easily get a list of known good domains and common user names (or you can just get a list of email addresses) which significantly reduces the search space.

    26. Re:So let's change the algorithm. by rve · · Score: 2, Insightful

      That's assuming email addresses are random sequences of letters, digits and dots.

      If you're a spammer and don't mind missing the email of mr. q9x7.3f.1zzp@hotmail.com, a phone book would probably provide an effective dictionary for narrowing that keyspace considerably

    27. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      I think that one could start combining the registered username with some classic mail domains to speed up the search.

    28. Re:So let's change the algorithm. by ysth · · Score: 1

      I disagree.

      Granted, those are basically very unsophisticated databases that just store lookup values, but it's relatively easy to bruteforce an MD5 hash down into one of the possible original strings

      No, it's not. Or at least, it only is if you have truly awesome amounts of time or computing resources to spend. Hence lookup databases like those you reference.

    29. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      You are not very clever are you? Let me guess, still in high school? Would explain a lot.

    30. Re:So let's change the algorithm. by supernova_hq · · Score: 2, Insightful

      Security through Obscurity is a reference to the METHOD being obscure. Your encryption codes and salts are SUPPOSED to be obscure!!!

    31. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      For practical purposes, a long randomly generated hidden salt that is configured between the site and Gravatar would solve the problem. This would make the situation functionally out of reach of any attacker for the next long while.

      Encryption might be better, but a long hidden salt would be very effective, and this is what the site should switch to since it would not take that much work. Having all of their clients switch to encryption would be slightly more complicated I think.

    32. Re:So let's change the algorithm. by supernova_hq · · Score: 1

      get a list of email addresses

      If they had that, they wouldn't need to do anything now would they?

    33. Re:So let's change the algorithm. by ProfessionalCookie · · Score: 1

      One common form of comment auto-validation is the email-username pair. If you have a previously approved comment many blogging systems by default approve subsequent comments that use the same email/username. If email addresses were exposed and paired with a username on a blog comments system then spammers could post using forged but valid user handles.

      If the gravatar makes the pairing trivial then it's trivial to automate. And so the spam filter will have to iterate.

    34. Re:So let's change the algorithm. by ProfessionalCookie · · Score: 1

      To clear that up- rather than spamming the email address spammers will likely target the blog that displays the gravatar.

    35. Re:So let's change the algorithm. by Eivind · · Score: 1

      True. And -that- is feasible. I was just commenting on the claim that you can exhaustively search all 12-character alphanum strings in a trivial amount of time. You cannot.

    36. Re:So let's change the algorithm. by maevius · · Score: 1

      The salt is not exactly supposed to be obscure. If it was then it would be just a password, and this is not the case as it would be called a password and not a salt. The salt should be available to the entities generating the hash (in this case the web sites). Now find me a practical way to distribute the salt to the legitimate web sites without the bad guys knowing...

    37. Re:So let's change the algorithm. by KiloByte · · Score: 2, Insightful

      Or, use john -incremental -stdout. This will test reasonable names first, while not being restricted to RL names only.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    38. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      Easy, each site that wants to use gravatar must register an account with gravatar. They are then assigned a random salt and site id to use. In the API call to gravatar they put in the siteid, and all of the hashes they generate are done with the salt prefixed.

      Since the hashes are generated server side, the salt is only known to gravatar and the particular site. All other sites will have a different salt, and thus different hashes for every user.
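An added example, not part of the thread and not Gravatar's code: it compares the identifier schemes proposed in the comments above (unkeyed MD5, a salt every site knows, a per-site secret key, random identifiers held by the service) by checking which of them let an outside party confirm an address guessed from a display name. The user, the domains and the `site-salt` value are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional

# Constructed stand-ins for "common email domains" (reserved example domains).
COMMON_DOMAINS = ("example.com", "example.net", "example.org")


def normalize(email: str) -> str:
    """Trim whitespace and lowercase, as the thread notes the input is lowercased."""
    return email.strip().lower()


def md5_id(email: str) -> str:
    """Scheme A: unkeyed MD5 of the address (the scheme under discussion)."""
    return hashlib.md5(normalize(email).encode()).hexdigest()


def public_salt_id(email: str, salt: str = "site-salt") -> str:
    """Scheme B: a salt is prepended, but every integrator knows the salt."""
    return hashlib.md5((salt + normalize(email)).encode()).hexdigest()


def keyed_id(email: str, site_key: bytes) -> str:
    """Scheme C: HMAC-SHA256 under a key shared only by one site and the service."""
    return hmac.new(site_key, normalize(email).encode(), hashlib.sha256).hexdigest()


class OpaqueIdRegistry:
    """Scheme D: random identifiers; the mapping exists only in the service's database."""

    def __init__(self) -> None:
        self._by_email: Dict[str, str] = {}

    def id_for(self, email: str) -> str:
        return self._by_email.setdefault(normalize(email), secrets.token_hex(16))


def candidate_addresses(display_name: str) -> List[str]:
    """Addresses that can be derived from a public display name alone."""
    parts = display_name.lower().split()
    local_parts = {sep.join(parts) for sep in (".", "_", "")}
    return sorted(f"{lp}@{dom}" for lp in local_parts for dom in COMMON_DOMAINS)


def confirmable_address(
    display_name: str,
    published_id: str,
    public_derivations: List[Callable[[str], str]],
) -> Optional[str]:
    """Return the candidate that the published identifier confirms, else None.

    public_derivations contains only functions with no secret input,
    i.e. what anyone outside the site and the service can compute.
    """
    for address in candidate_addresses(display_name):
        for derive in public_derivations:
            if derive(address) == published_id:
                return address
    return None


def audit_schemes() -> Dict[str, Optional[str]]:
    """Publish one constructed user's identifier under each scheme and test it."""
    name, email = "Michael Smith", " Michael.Smith@Example.com"  # constructed user
    site_key = secrets.token_bytes(32)   # never leaves the site and the service
    registry = OpaqueIdRegistry()
    public = [md5_id, public_salt_id]    # everything an outsider can compute
    published = {
        "md5": md5_id(email),
        "public_salt": public_salt_id(email),
        "keyed": keyed_id(email, site_key),
        "opaque": registry.id_for(email),
    }
    return {
        scheme: confirmable_address(name, ident, public)
        for scheme, ident in published.items()
    }


if __name__ == "__main__":
    for scheme, hit in audit_schemes().items():
        print(f"{scheme:12s} -> {hit or 'not confirmable from the display name'}")
```

The keyed scheme yields a different identifier per site key, which is the cross-site trade-off raised elsewhere in the thread.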

    39. Re:So let's change the algorithm. by omuls+are+tasty · · Score: 1

      By the birthday paradox, you'd have a 50% chance of a single collision after roughly 2^64 avatars (since MD5 hash size is 128 bits).

    40. Re:So let's change the algorithm. by K-Mile · · Score: 1

      Wouldn't it be easier then to just email john.doe@gmail.com, john.doe@hotmail.com, and john.doe@aol.com, instead of passing the email addresses through a cloud based online avatar brute force MD5 email validating script?

    41. Re:So let's change the algorithm. by mr+exploiter · · Score: 1

      That's assuming email addresses are random sequences of letters, digits and dots.

      If you're a spammer and don't mind missing the email of mr. q9x7.3f.1zzp@hotmail.com, a phone book would probably provide an effective dictionary for narrowing that keyspace considerably

      That's assuming nothing. You know how to read? Parent is talking about covering the ENTIRE range of emails under 12 characters with those characters.

    42. Re:So let's change the algorithm. by panaceaa · · Score: 1

      By using this exploit, spammers get additional user useful data: They'll know each user's full name in most cases. They'll know that the user is interested in the site he's commenting on. They'll know what language he speaks. Basically, they can compose much more compelling emails with a higher probability of getting through and even being seen as relevant to the recipient.

    43. Re:So let's change the algorithm. by MikeDX · · Score: 2, Informative

      Bolex make [motion picture] cameras, not watches, and were very important in the early television news reels. Even today they are a staple in film schools.

    44. Re:So let's change the algorithm. by DrSkwid · · Score: 4, Informative

      1) register as a website with gravatar, find out how long the salt is
      2) register on stackoverflow with your email address
      3) enumerate the possibilities until you find the hash of your own address and therefore the salt
      4) extract 8000+ emails from stackoverflow
      5) repeat for other sites

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    45. Re:So let's change the algorithm. by selven · · Score: 1

      This programmer used a bot to gather over 8k email addresses. So it's pretty useless against spam.

    46. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      UHHHHHHH...my GeForce 8500 does 1.5 GigaHashes/sec using CUDA-Multiforcer (search for the link yourself).... and no doubt the newer GTX's in SLI obliterate even that rate.... "a few hundred cores"??? please.

    47. Re:So let's change the algorithm. by gnud · · Score: 1

      It's useless against bots specifically created to line up the user name with the Gravatar hash. That bot will only work on Stackoverflow.

      If all you have is the hash, then bots would be pretty useless.

    48. Re:So let's change the algorithm. by pAnkRat · · Score: 2, Insightful

      Correct: the attack here is:

      Take big Site with thousands of users, many using their (sorta) "real names".
      Permute these names with some known big email provider hostnames.
      Send them all some spam.

      It does not really matter if 90% of those email addresses are incorrect, the rest will hit.

      I would not do the MD5 validation thing, why should I?

      --
      we need an "-1 Plain wrong" moderation option!
    49. Re:So let's change the algorithm. by molecular · · Score: 1

      Yeah, I read it wrong :). Salt probably would've helped a bunch, though.

      no, salt wouldn't help because it would have to be public and therefore known to the attacker, right?

    50. Re:So let's change the algorithm. by Hal_Porter · · Score: 1

      The salt doesn't have to be known. Gravatar URLs work like this

      http://en.gravatar.com/site/implement/url

      The association email -> avatar is done through a MD5 hash function. If you register to a website with username@mailprovider.com, the website will compute the hash of your email address (in this case 476c8a979eed603fb855dca149c7af6b) and associate the avatar url
      http://www.gravatar.com/avatar/476c8a979eed603fb855dca149c7af6b?d=identicon
      to your profile. All other websites using gravatars will associate the same url to your profile, because the computation of
      md5sum ( username@mailprovider.com )
      will always yield the same result.

      Now if you only want to use it to stop people smurfing you could salt

      md5 ( 'my site salt' + 'username@mailprovider.com' ) instead of just md5 ( 'my site salt' + 'username@mailprovider.com' )

      You could give people an option to not salt too, if they want to be recognisable across sites.

      Of course you'd have to verify the email address for this to work. Or you could md5 ( 'salt'+'password') (or even 'salt' + 'IP address' ) instead and not have accounts at all. Mind you then you'd just have a 4chan style tripcode. Still it does stop smurfing.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    51. Re:So let's change the algorithm. by Hal_Porter · · Score: 1

      You can never give bad crypto advice. If it's insecure you've put a vulnerability in the wild that people might pick up on and then you can sell it to the Ukrainian mafia. If it's secure you get a reputation for giving good advice which leads for more opportunities for slipping in the odd insecure advice. And then it's time to cash in with the Ukrainians.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    52. Re:So let's change the algorithm. by Rocketship+Underpant · · Score: 1

      So why bother searching? Since the only reason Gravatar obscures email addresses is to stop spammers, the spammers can just send email to all addresses that correspond to [common user name]@[common domain]. In fact, that's exactly what they do. There's no need to waste time and money breaking MD5 hashes.

      --
      He who lights his taper at mine, receives light without darkening me.
    53. Re:So let's change the algorithm. by plover · · Score: 1

      Actually, it's not infeasible. If you own a botnet with 100,000 machines at your disposal, you could set them to cranking through these hashes. If they could crank through at your estimated speeds (which are generous given that most infected machines are likely to be slower, but it still gets the point across) they'd crack it in less than a day. Even if the problem was two orders of magnitude harder than you suggest, it's still doable in about two months. You are still correct with your tightly qualified statement "every alphanumeric email-address under 12 characters" is in fact much too large a keyspace to reasonably cover overnight with a "very simple script", but the margin of comfort is pretty darn thin.

      And if that is too hard, they can simplify the problem by reducing the search space. 12 alphanumeric characters is an arbitrary limit, and if they want to scan them all with their botnet in under a day, they'll just set a timer on the loop and be happy with the output they get -- it may only be all 10 character names instead of 11 or 12, but that's still sufficient for their evil purposes.

      The worse news is that the guys with 100,000 bots in their net are the exact same spammers who have a business motive to come up with email addresses.

      Problems of scale are more complex to analyze than they first appear. The bad guys have resources beyond what you might picture, and unlike cryptography where there is only one correct key, they will derive value from partial results.

      --
      John
    54. Re:So let's change the algorithm. by flyneye · · Score: 1

      Wull, anyway
      No thanks to kdawson who perpetrated this and alerted every spammer with a slashdot tab open that they could start harvesting email addresses there and how to do it.
      DORK! No pie for you!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    55. Re:So let's change the algorithm. by maevius · · Score: 2, Insightful

      The salt can be user and website dependent (4 bytes user/4 bytes website for an 8 byte salt). Although I think that the added complexity won't be welcomed by the website owners

    56. Re:So let's change the algorithm. by fulldecent · · Score: 1

      >> An email address isn't private... I suspect that MD5 was just a convenient way to get a fixed length id. I'd be more worried about collisions, but i'm too lazy to calculate how many avatars would be required before that might become a problem.

      2^128^.5 = 2^64

      Phew, I'll have to take a break after that one.

      --

      -- I was raised on the command line, bitch

    57. Re:So let's change the algorithm. by GameboyRMH · · Score: 1

      I was thinking of modding you up but instead I'll expand on your explanation: This is not using MD5 collisions or "reversing" the hash in any way. Using a better hashing algorithm would only slow this attack slightly. All TFA is saying is that if you have a list of potential email addresses that might belong to the user, you can hash them and find out if one of them is correct (NO DUH).

      You can generate a list of potential emails using usernames, so you could run through GameboyRMH@aol, gmail (got me!), hotmail, etc, and compare hashes until you find a match. 10% of Gravatar users have an email address of the format username@popularemailprovider.com. The attack this guy used depends on the user's email being of this format.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    58. Re:So let's change the algorithm. by Korin43 · · Score: 1

      But they already have that. They know that korin43 likes computers (and using other websites they could find my name). Now they try every combination of korin43 + common domain name and check md5's to see if it's the right one, but why would they bother? They could skip the md5 step and just send emails. Worst case scenario: They send [number of domains - 1] extra emails (basically free so who cares).

    59. Re:So let's change the algorithm. by Korin43 · · Score: 1

      Sounds like the problem is the authentication system, not the gravatar service. I bet you could crack 90% of these by just trying [username]@gmail.com, yahoo.com and hotmail.com.

    60. Re:So let's change the algorithm. by jamesh · · Score: 1

      2^128^.5 = 2^64

      Phew, I'll have to take a break after that one.

      That's an approximation for a 50% probability though... right? I'd be more inclined to think that anything over a one-in-a-million probability of a collision is unacceptably high, as a collision would break things, but that's what I'm too lazy to figure out. It's not purely a maths problem.

    61. Re:So let's change the algorithm. by Anonymous Coward · · Score: 0

      salt would help.

      just use /gravatar.php?salthash=x&emailhash=y and every site has its own hash, which is known by gravatar and the site only

    62. Re:So let's change the algorithm. by LiquidFire_HK · · Score: 1

      How is that going to work? If each site uses a different salt, it will produce a different hash for the same email, thereby defeating the whole purpose of Gravatar.

    63. Re:So let's change the algorithm. by fulldecent · · Score: 1

      Yes. For a birthday attack, math says you need about one square root of the number of items to get a collision.

      2^64 is a lot of items, which is why hashing is still useful.

      But back to TFA, these items should be salted with a secret salt to make the data unusable to outsiders.

      eg: md5('mypass'+$youremail) = useless information to hackers

      --

      -- I was raised on the command line, bitch

  2. No need by Mathinker · · Score: 3, Insightful

    It would have been trivial for them to just add a secret salt string to the email before hashing, and that would have solved most of the problem. It is possible that they wanted to be "nice", in that in the case they go out of business, anyone can regenerate the ID's without them. But, as this guy has shown, that's not a great idea.

    1. Re:No need by palegray.net · · Score: 1

      So, essentially, we're left with the same problem :).

    2. Re:No need by Anonymous Coward · · Score: 0

      But in order for other sites to use their service, and come up with the same hash, they'd have to make it not so secret. What they need to do is hash it against a user providable string to use as a salt (including the option of nothing at all). Then, all you have to do when signing up with a Gravatar enabled site is provide your email and your personal salt, which would be different for almost every user.

    3. Re:No need by Garble+Snarky · · Score: 1

      A) Isn't the point of it to be a public system, so that sites can accept users' email addresses, then find the gravatars themselves?

      B) Wouldn't it be equally easy to reverse engineer the salt string, with your own known test email? (As long as the salt is shorter than some limit maybe)

    4. Re:No need by maevius · · Score: 1

      The email matching process for 80871 users takes about one hour (from TFA). Adding a three digit salt would increase the matching process to 999 hours or about 41 days which is not much considering that this is a brute force attack and I believe the user would be unwilling to remember a salt longer than 3 digits. An alternative would be if gravatar would automatically generate a salt and the web site could retrieve this salt (over ssl maybe, for the paranoid among us) on user registration. Then again the user must authorize which sites can retrieve the salt (through an email authorization link maybe?) which would also add complexity to the registration process.

    5. Re:No need by A+beautiful+mind · · Score: 1

      Sites like cpan.org already do the opposite. They take an author's _publicly visible_ email address and try to find a gravatar for it to publicly display if one's available.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    6. Re:No need by selven · · Score: 1

      No, it would not be easy to reverse engineer the salt string. Even if you know half of the source text and the hash, that does not make it much easier to get the second half of the source. You would still have to try all possible combinations. The secret salt could be:

      example@gmail.com124235rjcw475tvye
      example124235rjc@w475tvyegmail.com
      e1x2a4m2p3l5er@jgcmwa4i7l5.tcvoyme
      124235rjcw475tvyemoc.liamg@elpmaxe

      There are just too many possibilities.

  3. Public address by AlpineR · · Score: 4, Funny

    Here's my own Gravatar hash:

    b835b33911b93c136d8e61cbbbe6736d

    Who will be the first to crack it?

    1. Re:Public address by Yvan256 · · Score: 4, Funny

      Is it wagnerr@umich.edu?

    2. Re:Public address by The_mad_linguist · · Score: 1

      How about wagnerr@umich.edu? /completelymissingthepoint

    3. Re:Public address by edwebdev · · Score: 1, Funny

      Here's a Slashdot post that shows my e-mail address next to my username.

      Who will be the first to crack it?

      Fixed that for you.

    4. Re:Public address by palegray.net · · Score: 4, Funny

      I'm certain his email must be umich@wagnerr.edu. Now I just need to figure out why he's attending Wagner of all schools, and how the heck they managed to typo their own domain name.

    5. Re:Public address by Firehed · · Score: 1

      That took all of one second to find in an md5 lookup database. And thirty seconds for me to realize that I could have looked two lines higher to see it in plaintext next to your userid. :wallbash:

      --
      How are sites slashdotted when nobody reads TFAs?
    6. Re:Public address by lastomega7 · · Score: 1

      Because everyone has only one email. Especially /.ers.

    7. Re:Public address by edwebdev · · Score: 1

      Which is why I checked the md5 hash and found that it matches before posting :)

    8. Re:Public address by grcumb · · Score: 4, Funny

      That took all of one second to find in an md5 lookup database. And thirty seconds for me to realize that I could have looked two lines higher to see it in plaintext next to your userid. :wallbash:

      Upside: You get to keep your geek card.

      Downside: You'll never survive the world outside your basement.

      8^)

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    9. Re:Public address by Ethanol-fueled · · Score: 2, Informative

      how the heck they managed to typo their own domain name.

      Wagner Computer Science program -- Page Not Found. Looks like that answered your question.

    10. Re:Public address by TangoMargarine · · Score: 1
      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    11. Re:Public address by Ethanol-fueled · · Score: 1

      Not at all.

      hint: Scroll down the page until you see the "Computer Science, B.S." link. Click on that link. It's B.S., all right.

    12. Re:Public address by TangoMargarine · · Score: 1

      Okay, so you can get to it via "Departments" but you can't get to it via "Undergrad Programs." I guess you win.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    13. Re:Public address by Anonymous Coward · · Score: 0

      Reversing an MD5 does not give you the string that produced the hash.

      It gives you *a* string, that, when MD5ed, produces the hash.

      There is a very large difference there.

    14. Re:Public address by grayshirtninja · · Score: 1

      A successful nerd snipe. Well played sir, well played.
      http://xkcd.com/356/

    15. Re:Public address by SatanicPuppy · · Score: 1

      That's just what I was thinking. I use Stack Overflow, and my username is (predictably) Satanicpuppy. 5 seconds of googling will give you my email address, because I treat all information on public forums as public information.

      This is only a problem for people who think that they can really be sure of their privacy because some website takes a half-assed precaution.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  4. Salt? by aldld · · Score: 0

    I'm no expert in cryptography, but would it be helpful for them to add a salt? (Unless they do that already, of course)

    1. Re:Salt? by QuoteMstr · · Score: 1

      Salting would help a bit here, but far more effective would be key stretching. Hash the email, then feed the hash back through the hash function a few thousand times. The extra computation doesn't have much of an impact when generating a single email identifier, because hash functions are blazing fast, and 1,000 iterations is still blazing fast. But the extra computation grievously hurts people who are using brute force to create rainbow tables, making the whole thing take thousands of times longer.

    2. Re:Salt? by molecular · · Score: 1

      I'm no expert in cryptography, but would it be helpful for them to add a salt? (Unless they do that already, of course)

      The salt would have to be secret, which would ruin the whole point of other sites being able to calculate the md5 and use the gravatar. Making it public wouldn't work, because it would then be known to the attacker.
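
Added example, not part of the thread and not Gravatar's code: the key-stretching and secret-salt ideas from the two replies above, compared against a plain MD5 ID on constructed addresses. The function names, the 1,000-round count and the use of HMAC-SHA256 as the "secret salt" construction are assumptions made for this illustration.

```python
import hashlib
import hmac

ROUNDS = 1000  # assumed round count; the comment suggests "a few thousand"


def normalize(email):
    """Trim and lower-case, so the same mailbox always yields the same ID."""
    return email.strip().lower()


def plain_id(email):
    """Gravatar-style ID: one unsalted MD5 of the normalized address."""
    return hashlib.md5(normalize(email).encode()).hexdigest()


def stretched_id(email, rounds=ROUNDS):
    """Key stretching: feed the digest back through MD5 `rounds` more times."""
    digest = hashlib.md5(normalize(email).encode()).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest).digest()
    return digest.hex()


def keyed_id(email, secret):
    """Secret salt, done as a keyed hash (HMAC-SHA256) held by the service."""
    return hmac.new(secret, normalize(email).encode(), hashlib.sha256).hexdigest()


def audit(published_id, candidates, derive, calls_per_guess):
    """What can someone learn who holds only the published ID, a short
    candidate list and the function `derive`?  Returns (address_or_None,
    hash_calls_spent); one HMAC is counted as one call."""
    spent = 0
    for candidate in candidates:
        spent += calls_per_guess
        if hmac.compare_digest(derive(candidate), published_id):
            return normalize(candidate), spent
    return None, spent


def compare_schemes():
    # Constructed sample data on reserved example domains.
    real = "Pat.Example@example.com"
    candidates = ["pexample@example.org", "pat@example.com",
                  "pat.example@example.com"]
    service_secret = b"constructed-demo-secret"  # known only to the service
    outsider_key = b"not-the-secret"             # all an outsider can try

    return {
        # Public function: a short candidate list confirms the address.
        "plain": audit(plain_id(real), candidates, plain_id, 1),
        # Still public: same answer, each guess just costs ROUNDS + 1 hashes.
        "stretched": audit(stretched_id(real), candidates,
                           stretched_id, ROUNDS + 1),
        # Keyed: without the secret nothing matches, but a third-party site
        # cannot compute the ID from the address either.
        "keyed": audit(keyed_id(real, service_secret), candidates,
                       lambda e: keyed_id(e, outsider_key), 1),
    }


if __name__ == "__main__":
    for name, (address, spent) in compare_schemes().items():
        print(f"{name:10s} confirmed={address!s:28s} hash_calls={spent}")
```

Stretching raises the price of building a large table, but it does nothing for an address that is among the first few guesses; only the keyed variant stops confirmation, at the cost molecular describes.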

  5. Possible workaround by Mathinker · · Score: 3, Insightful

    Can anyone tell me if the "you can add extra stuff after a +" that GMail lets you do is standard in the RFC for all email addresses? If it is, to "fix" this, if you should sign up to Gravatar with an email address using a random string after an added "+" the brute force search on hashes will be much, much harder. (Assuming that your email provider is implementing that part of the standard.)

    1. Re:Possible workaround by bennomatic · · Score: 2, Informative

      I've looked through RFC822, and the inclusion of "+" in an email is not excluded, so it's perfectly legal. GMail's functional use of it, however (account+foo@gmail.com and account+bar@gmail.com both go to account@gmail.com, for easy tagging/filing) is just an implementation that takes advantage of the fact that most people do not have + signs in their email addresses.

      The RFC is actually pretty promiscuous; it's only implementations of it that fall short. Did you know that apostrophes are legal in the username portion of the email address? Yet how many web sites do you think would allow you to sign up as "First_O'Last@mailserver.net"? Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of.

      --
      The CB App. What's your 20?
    2. Re:Possible workaround by Anonymous Coward · · Score: 0

      There is a slightly later RFC (RFC 2822) that allows even more. (Along with the obs stuff from RFC 822 which allow escaping characters)
      Spaces in the user part? Allowed if you escape them (I think it would look like first\ name@example.com). There are lots of options allowed. Put something in quotes, you can get really strange. For example "Abc@def"@example.com is valid, as is Fred\ Bloggs@example.com and abc\@def@example.com (At least what I can find seems to support that)

      It is part of the reason that people trying to regex the user part end up with about a page worth of stuff if they want to be fully in spec. A quick and dirty 30 character regex will allow email addresses.
      (A Linux Journal article which I see duplicated elsewhere talking about the regex and email thing)

    3. Re:Possible workaround by TubeSteak · · Score: 2, Informative

      Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of

      Here's what happened in hotmail when I tried to e-mail to [name]+bananas@hotmail.com
      http://i49.tinypic.com/fbjh1j.png
      I googled that odd character and it seems to be Chinese

      Hotmail treats the "send a message from one of your disposable addresses" generated by Spamgourmet as a typo.

      --
      [Fuck Beta]
      o0t!
    4. Re:Possible workaround by QuoteMstr · · Score: 1

      To be fair, sub-addressing (using both the '-' and '+' characters) was around well before the creators of Google graduated from high school.

    5. Re:Possible workaround by pjt33 · · Score: 1

      Did you know that apostrophes are legal in the username portion of the email address? Yet how many web sites do you think would allow you to sign up as "First_O'Last@mailserver.net"?

      I recently sent an e-mail to a firstname.o'connell@host.gov.uk (no need to let her get random spam) in order to submit my response to a consultation the British Civil Service is making on policy relating to voter registration. Crossed my fingers and sent it via gmail.

    6. Re:Possible workaround by TheThiefMaster · · Score: 1

      I don't hold out much hope for slashdot not breaking this link, but here goes: http://translate.google.com/#zh-CN|en|

      Did you see the images part of your google search? Seems one of the meanings (a verb) is used more than the others...

      (if I need to be less subtle, the image search for that character is NSFW)

    7. Re:Possible workaround by Anonymous Coward · · Score: 0
    8. Re:Possible workaround by vegiVamp · · Score: 1

      Of course. Microsoft's entire OS is based around the tenet that users are stupid and will make mistakes all the time, which the software should transparently correct for them.

      --
      What a depressingly stupid machine.
    9. Re:Possible workaround by russotto · · Score: 1

      I've looked through RFC822, and the inclusion of "+" in an email is not excluded, so it's perfectly legal. GMail's functional use of it, however (account+foo@gmail.com and account+bar@gmail.com both go to account@gmail.com, for easy tagging/filing) is just an implementation that takes advantage of the fact that most people do not have + signs in their email addresses.

      It's a common convention that has been around at least since the '90s and probably earlier; I don't know where it started. I use underscores for unique accounts in my own domain, because almost every mail system accepts underscore and I'm concerned that if I use a plus sign, anyone wanting to use it nefariously will strip it off.

  6. So? by Denis+Lemire · · Score: 1

    Unless I'm missing something, the article can be summarized: "Guess the person's email address, check if the md5 hash of the address you guessed matches the Gravatar. If it matches you guessed correctly."

    Nothing to see here. Move along...

    In other news, all password hashes can eventually be cracked by brute force... Oh noes!

    1. Re:So? by gruvmeister · · Score: 1

      That's pretty much it. If someone already knows your real name, and can guess that you may have an email address of your real name at one of the big free hosting providers, they might guess your email address! OH NO STOP THE INTERNET AT ONCE!!

    2. Re:So? by kisielk · · Score: 1

      Exactly. Not like it matters anyway. I even post my email up on my website so people can like, you know, email me!

    3. Re:So? by icepick72 · · Score: 1

      Except that the said mechanism provides a sure way to verify that an email address exists. Once an addy is correctly guessed the user cannot pretend to hide by not responding to resulting spam, because that account is *known* to exist prior to spamming (not a shot in the dark like most spam attempts) And it's known for sure because StackOverflow requires a valid email address when a user signs up for an account - to carry out StackOverflow account verification through an email link sent to the user for clicking. In other words, one layer of protection has been taken away, although I think it's very topical and personally am not worried about my SO account because the associated Gmail account filters out spam great.

    4. Re:So? by Anonymous Coward · · Score: 0

      Wrong. Generate a list of likely hashes, and compare. It would be quite easy if you can guess their domain (ie. hotmail). Rainbowtable for @hotmail.com on Amazon wouldn't cost that much to generate.

    5. Re:So? by Anonymous Coward · · Score: 0

      Except that the said mechanism provides a sure way to verify that an email address exists. Once an addy is correctly guessed the user cannot pretend to hide by not responding to resulting spam, because that account is *known* to exist prior to spamming (not a shot in the dark like most spam attempts) And it's known for sure because StackOverflow requires a valid email address when a user signs up for an account - to carry out StackOverflow account verification through an email link sent to the user for clicking.

      In other words, one layer of protection has been taken away, although I think it's very topical and personally am not worried about my SO account because the associated Gmail account filters out spam great.

      Unless I only created the email addy to exist long enough to respond to the one-time email.
      Or just created an account that gets checked once a week by my Thunderbird client which just auto-deletes all messages, since ANY messages to that email WILL be unsolicited.

      Really people this isn't hard. Back in 1996 I had to explain to people that yes, you could use more than one email address, and use at least one for high-risk spam-attracting activity solely. I shouldn't have to explain it again 13 years later, especially to slashdotters.

  7. Rainbow Tables by Anonymous Coward · · Score: 0

    Can anyone say Rainbow Tables? Tweak the algorithm to output valid e-mail addresses. As for the salt, as long as it isn't known, while it can make it computationally difficult, it won't stop some addresses from being hacked using the aforementioned method.

  8. At first glance... by fahrbot-bot · · Score: 1

    ...I thought "Gravatar" was a new theoretical exotic particle, like a Graviton, especially when used with the following "can leak", but this actually makes more sense - sort of - though I don't know if "leak" is the best verb here. In any case, I gotta stop reading science journals late at night.

    --
    It must have been something you assimilated. . . .
    1. Re:At first glance... by Barny · · Score: 1

      No, Gravatar is the son of Gappa, the Triphibian monster.

      --
      ...
      /me sighs
    2. Re:At first glance... by Psaakyrn · · Score: 2, Informative

      And you didn't think of Gravitar instead? Kids these days...

      http://en.wikipedia.org/wiki/Gravitar

    3. Re:At first glance... by Randle_Revar · · Score: 1

      gravatar also sounds like an alternate name for a black hole.

    4. Re:At first glance... by Anonymous Coward · · Score: 0

      I was certain that Gravatar was a character from the Hitchhikers Guide to the Galaxy.

  9. Why is this a problem? by gman003 · · Score: 2, Insightful

    Do you consider your email address private info, need-to-know only? With a decent spam filter and easy-to-use block features, it really isn't a problem. I provide mine to pretty much anyone who asks. The only thing I do is keep it in a non-scrapable format, to keep it from getting on too many spam lists.

    1. Re:Why is this a problem? by u38cg · · Score: 1

      Having now exposed my current email publicly for ~6 years now, I have come to the conclusion that spammers don't, mostly, screenscrape or trade addresses. I used to post a fair bit on Usenet and I am fairly sure most of the spam I get is from spammers who picked up my email address there. I now typically get about 3-400 spam per month, which is a pretty reasonable trade-off for transparency.

      --
      [FUCK BETA]
    2. Re:Why is this a problem? by John+Hasler · · Score: 1

      > I used to post a fair bit on Usenet and I am fairly sure most of the spam I
      > get is from spammers who picked up my email address there.

      I still post a fair bit on Usenet. Most of the spam I get is not from spammers who picked up my email address there.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  10. So? by trapnest · · Score: 1

    Maybe I am missing the point, but who cares?
    I understand that there is this huge number of people that think that an email address is private information, but why?

  11. Add a user supplied "salt" by Game_Ender · · Score: 1

    Gravatar just needs every user to supply a "salt" along with their email wherever their gravatar is used, they could even call it a password. Combine the password/salt with the emacs to generate the hash. This would make guessing the email from the hash much more difficult.

    1. Re:Add a user supplied "salt" by Anonymous Coward · · Score: 0

      rofl @ emacs reference

    2. Re:Add a user supplied "salt" by molecular · · Score: 1

      Gravatar just needs every user to supply a "salt" along with their email wherever their gravatar is used, they could even call it a password. Combine the password/salt with the emacs to generate the hash. This would make guessing the email from the hash much more difficult.

      yeah, as salt they could even use the gravatar image itself.
      In other words: I think this approach would render the usefulness of the service almost non-existent. It's not much harder to up a png than to remember some salt and enter it.

  12. Only the rainbow tables matter by Anonymous Coward · · Score: 0

    TFA suggests trying email addresses related to the user's ID on some site and domain names of large hosting companies (for example, Michael Smith might be msmith@example.com, or michael.smith@example.com) and testing whether or not their md5sum is the same as the one associated with the avatar. However, a bad guy could just send any message to all such addresses and hope one hits. Of course, he might accidentally be spamming some other suckers with the same name, but no true villain would be bothered by this sort of collateral damage.

    The rainbow table suggestion is more serious, since someone could find out your email address even if your screen name is different from the name in your email. (So if you registered at a site as "anonymous_user", but provided the Gravatar people with an email address containing your real name, then the bad guys could find out your real name.) This is bad, but as a mitigating factor, the real name has to be in the rainbow table in the first place, so it is probably fairly common. If the villain finds out your name is Michael Smith, he probably still has no idea which Michael Smith you are.

  13. This is news to me by mok000 · · Score: 1

    Wow. You can glean information from the Internets. I didn't realize that.

  14. e9af4cb49c97162d6be3ea8c6ca90a46 by iSzabo · · Score: 2, Funny

    I actually *just* (20 minutes ago) put my picture up there. Can you guess my email ;)

    1. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by kent.dickey · · Score: 1

      I'm not sure if you were sarcastic or not, but your email address is at gmail, and I'm gonna mention Fight Club, and there's no I in team. Do you want me to post your email address more plainly?

      So, yeah, posting email hashes is only a little bit safer than posting the full text.

    2. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 5, Interesting

      Your email is: tyler.szabo _AT_ gmail.com

      md5 -s "tyler.szabo@gmail.com"
      MD5 ("tyler.szabo@gmail.com") = e9af4cb49c97162d6be3ea8c6ca90a46

      For bonus points, your name is Tyler Szabo, you go to University of Waterloo and plan on graduating in 2011. You work at Amazon. You are in a relationship with a Kaylan Elizabeth L. (last name withheld as a courtesy, I'm sure you know who I mean :) ).

      I found out you registered this, looked up your avatar on Gravatar, found you on Stack Overflow which gave me your real name (searched for Szabo assuming that was something to do with you). Using this, I looked you up on Facebook, Twitter, and various other sites. Your single avatar helped me link everything together. Once I had your real name from Stack Overflow it became easy.

      Good times. Perhaps this reveals another security vulnerability? One avatar links -ALL- your social networking.

      I also have your parents, previous employers, etc, but won't post those here :)

    3. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 0

      I am Jack's complete lack of surprise.

    4. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by iSzabo · · Score: 1

      I thought my Slashdot profile was set to show it. :) If not, I'm going to go change it.

    5. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 1, Interesting

      Yes, you're smart to figure all that out.
      But then you do not have to leave slashdot to solve the riddle:

      by iSzabo (1392353) on Wednesday December 16, @01:04AM (#30454460)

      I don't know if Facebook keeps track of visitors to one's profile (some networks do), but possibly tyler can now guess who you are as well.

      - 043dc29be78d00413a3da8611fd93451

    6. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 0

      I can also tell that Kaylan Elizabeth is female

    7. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 3, Funny

      Your email is: tyler.szabo _AT_ gmail.com

      md5 -s "tyler.szabo@gmail.com"

      Nice job obfuscating his email in the first line.

    8. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 0

      You also spend a large amount of time in the SE Lab, reminiscing about your classes with Dr. Chang.

    9. Re:e9af4cb49c97162d6be3ea8c6ca90a46 by Anonymous Coward · · Score: 0

      Slashdot actually shows his email (""), which is why he got modded Funny, I guess.

  15. nope by furbearntrout · · Score: 1

    that addy has a different icon

    --
    Crap. What did the new CSS do with the "Post anonymously" option??
    1. Re:nope by KDingo · · Score: 2, Informative

      It is, actually. If you don't include the -n option for echo, it will insert a \n to the string, changing the md5, which is the hash you got.

    2. Re:nope by ndogg · · Score: 1

      try again
      $ echo -n wagnerr@umich.edu|md5sum -

      --
      // file: mice.h
      #include "frickin_lasers.h"
    3. Re:nope by Anonymous Coward · · Score: 0

      proof:
      # echo -n 'wagnerr@umich.edu' | md5sum -b
      b835b33911b93c136d8e61cbbbe6736d *-

    4. Re:nope by furbearntrout · · Score: 1

      well, crap.
      man echo | paste-to-forehead; facepalm

      --
      Crap. What did the new CSS do with the "Post anonymously" option??
  16. use email+whatever@domain.com by topham · · Score: 2, Insightful

    Use your email address with "+randomsequence"@

    Randomsequence will have to be consistent between the user and the sites they want the gravatar to work at, but it will generate an MD5 hash different than their actual address; yet if the site sends email to the user with it the user will receive it.

  17. Big deal... by Anonymous Coward · · Score: 0

    If you have an MD5 hash of a file or phrase, like an email, and have candidates, you can compare them and see if there's a match! Video at 11!

    But seriously, this approach isn't really novel, just a novel application of existing technology. That said, it only affects users whose emails were already easily guessable. If your username is Jon Robert and your email is jon.robert@gmail.com...well, if I was guessing without this, I'd guess that first anyways. All this does is permit you to confirm an email. This is an exploit, but not really all that dangerous of one, because it doesn't reveal emails, only let you confirm that the email you guessed exists and what it is.

    The approach of using rainbow tables, only discussed briefly, is a bit more concerning, and I'd like to see more about this.

  18. easier than other methods? by bcrowell · · Score: 2, Interesting

    But is this significantly easier than other methods of harvesting email addresses? Spammers already do dictionary attacks on big providers like yahoo. It's not clear to me that this method is a better way of generating a list of email addresses. If you carry out a dictionary attack on yahoo.com, you're going to come up with probably tens of millions of valid email addresses. If you carry out this attack on gravatar.com, how many addresses are you going to get for your trouble? 10% of gravatar's users, apparently -- which I'm guessing is not really that big a number. Remember, once a spammer has a botnet, it costs him zero to send out one more spam to test whether a particular address is valid. Therefore the dictionary attack is free.

    The defense against dictionary attacks is also exactly the same as the defense against this attack: either don't use a big email provider, or use a big email provider but pick a username that has a lot of characters (so it's not vulnerable to brute-forcing) and is also not vulnerable to dictionary attacks.

  19. Does explain ... by Anonymous Coward · · Score: 0

    ... the emails about ad I got today on my email address I used to register a gravatar.

  20. Not A Bug by lhunath · · Score: 3, Insightful

    Email addresses are usernames. They are not secret information. If somebody can be bothered enough to find your email address through brute-forcing the MD5 hash of it; you've got bigger problems.

    Far more than "10% of stackoverflow.com's users" can have their email addresses GUESSED far faster. Likely your email address is also FAR easier to establish through a simple Google search on your pseudonyms.

    If you for some odd reason want your email address to be secret; for the same name as wanting a secret pseudonym or using a false name when signing up; register a fake email address instead (and set it up for forwarding). You're giving your email address in clear text to the site's owner and all the internet hops in between him and you ANYWAY.

    It's important to learn to distinguish between what is a secret and what is not; and if you want to make things secret, at what level you should put your trust.

    --
    ``OK, so ten out of ten for style, but minus several million for good thinking, yeah?''
    1. Re:Not A Bug by ukyoCE · · Score: 1

      I'd disagree. Every site I can think of off the top of my head uses e-mail addresses and usernames as separate entities if the username is public. For instance netflix uses e-mail addresses to login, but they have you create a separate username for posting reviews and other shared/social parts of the site. Likewise slashdot makes sharing your e-mail address optional. And even the site in question tried to hide the e-mail address, they just did a very poor job of it.

    2. Re:Not A Bug by lhunath · · Score: 1

      My point was that your email address is not your password or the answer to your secret question.
      It is not your credit card number or the code to your safe.

      It is contact information that people can find out if they want to, simply because that's the very purpose of it.

      Spammer crawlers aren't going to bother with reversing the MD5 of your email address.

      And if you're trying to hide your contact information from other people, you failed when you started using it for signing up at gravatar-esque services in the first place.

      --
      ``OK, so ten out of ten for style, but minus several million for good thinking, yeah?''
    3. Re:Not A Bug by Anonymous Coward · · Score: 0

      Email addresses are usernames. They are not secret information.

      I believed that until spam became a huge problem. Now I no longer notice any spam because of filters, but every now and then I have problems with e-mail not being delivered. Spammers aren't monitoring internet hops. Geeze.

  21. Public Key Encryption by paul248 · · Score: 1

    What if Gravatar published a public key, and sites displaying Gravatars pointed their image links to encrypt(gravatar_id + random_salt)? It seems like this would solve the problem, since people viewing the page can't get access to the users' real Gravatar IDs. Sure, the forum sites would still see your Gravatar ID, but they already have your email address in the first place.

    1. Re:Public Key Encryption by Anonymous Coward · · Score: 0

      This would have some disadvantages for Gravatar:

      - They'd have to decrypt every request, so their CPU cost increases.
      - The same Gravatar would have different URLs on different sites, which reduces the effectiveness of HTTP caching, so their bandwidth cost increases.

    2. Re:Public Key Encryption by Kijori · · Score: 1

      Two points.

      Firstly, the image files can't be static if you're using the salt, since the gravatar backend would have to remove it and look up the gravatar_id; this would increase running costs for gravatar by a considerable amount. Second, if you're using a gravatar_id why bother with the encryption? As long as there's no way for the gravatar ID to be resolved back to an email address it doesn't matter if people know it, especially since knowing the encrypted version would necessarily be functionally identical.

      A nicer solution - still with the problem of no longer being static image files - would be:
      - User inputs email address
      - Site connects to the gravatar server, using the unique encryption key it was given by gravatar to authenticate itself and send the email address (much like how reCaptcha works)
      - gravatar service sends back a link to a static image associated with that user. This link can be stored for future use.

      This puts less strain on the gravatar servers, since the repeated image-serving is static, and also avoids there being any way to link images back to email addresses.

      Still doesn't answer the question, though, of whether there's any point trying to brute-force gravatar when the addresses in your dictionary are already part of your indiscriminate mailings.

  22. The Guardian says... by Anonymous Coward · · Score: 0

    Gravatar! ... for i shall be your provider... your companion, meh, YOUR MASTER!

  23. No salting by Mathinker · · Score: 1

    I more or less agree with you that this isn't particularly newsworthy (is Gravatar all that widely used?), except for the fact that if they had bothered to add a random, secret salt before hashing, everything would have been secure (or rather, as secure as the secret salt).

    > In other news, all password hashes can eventually be cracked by brute force... Oh noes!

    True, but that is like saying "No encryption which uses a key smaller than the length of the ciphertext is secure": mathematically true, but not true in practice.

    I think what you should have said instead was:

    "In other news, doing security is harder than you think."

  24. In the grand scheme of things this is pretty minor by Just+Brew+It! · · Score: 2, Funny

    It's not exactly big news that a system based on MD5 hashes is susceptible to dictionary-style attacks; this should be obvious to anyone who understands how hashes work. In order for this particular attack to work, the attacker already has to have some reasonable guesses as to what your e-mail address is; the Gravatar trick only confirms the address. So it seems to me that the amount of additional data leaked is fairly small.

    OTOH, I suppose I'm somewhat desensitized to this sort of thing, since I've had the same primary e-mail address for something like 15 years (going back to the days when I was rather active on Usenet). My e-mail address is already in every spammer database on the planet, so I don't see how a few more people knowing it could make things any worse!

  25. Provide an API by Mathinker · · Score: 1

    A) Isn't the point of it to be a public system, so that sites can accept users' email addresses, then find the gravatars themselves?

    I suppose you're right. In which case no trivial workaround can exist (because the attacker just pretends to be a website wanting to discover the guessed emails' avatars). OTOH, if Gravatar would implement a two-step API for getting the information, and implement rate limits on the API, doing the attack could be made much, much harder.

    I vaguely remember looking at the Gravatar site when it opened up a long time ago, but personally I have no use for avatars and prefer not to have a global net persona (or at least one which is trivially assembled from all of the little persona pieces I have spread around).

    B) Wouldn't it be equally easy to reverse engineer the salt string, with your own known test email? (As long as the salt is shorter than some limit maybe)

    The whole point of using a salt (in my eyes, anyway) is that it should be long enough that brute forcing it is unreasonable.

  26. Could provide an API by Mathinker · · Score: 2, Interesting

    From Gravatar's FAQ:

    MD5 isn’t strong enough encryption, they’ve cracked that haven’t they?

    MD5 is plenty good for obfuscating the email address of users across the wire. If you’re thinking of rainbow tables, those are all geared at passwords (which are generally shorter, and less globally different from one another) and not email addresses, furthermore they are geared at generating anything that matches the hash, NOT the original data being hashed. If you are thinking about being able to reproduce a collision, you still don’t necessarily get the actual email address being hashed from the data generated to create the collision. In either case the work required to both construct and operate such a monstrosity would be prohibitively costly. If we left your password laying around in the open as a plain md5 hash someone might be able to find some data (not necessarily your password) which they could use to log in as you... Leaving your email address out as an md5 hash, however, is not going to cause a violent upsurge in the number of fake rolex watch emails that you get. Let’s face it, there are far more lucrative, easier, ways of getting email address. I hope this helps ease your mind.

    So, they might have already thought about this vulnerability and dismissed it as not interesting.

    They could still fix their concept by providing an API where a website wanting to discover the avatar for a given email first hashes the email with MD5 and then the Gravatar URL which is generated redirects them to a link to the image (which contains no information about the email address, or perhaps uses a salted hash). This, in conjunction with rate limiting the number of queries per website, could provide a relatively secure way to do what they want.

  27. Re:In the grand scheme of things this is pretty mi by ysth · · Score: 1

    Agreed. In fact, when I first created a gravatar, this "newly discovered" problem immediately occurred to me; I suspect the same is true for many other gravatar users.

  28. You could add a salt yourself by Homburg · · Score: 1

    I guess you could add a salt yourself, at least if your email provider works like gmail, and allows you to supply a meaningless string after a +. If the first part of your email address is guessable from your username, you could do something like:

    homburg+randomsalt@gmail.com

  29. Simple way to protect yourself by Umangme · · Score: 2, Insightful

    Some email providers have a simple way of giving you a throw away id. E.g example+slashdotnospam@gmail.com is sent to example@gmail.com.

    Say my name is Lary Page. If my email id is lary.page@gmail.com, I can still protect myself so that you will never get my email id.

    MD5 (lary.page@gmail.com) = "1b8dbe98e2b1138fd3ba34e26fc55107".

    So I provide my email id as lary.page+1b8dbe98e2b1138fd3ba34e26fc55107@gmail.com. If I gave you the md5 of that id, you'll find it hard to get back to lary.page@gmail.com.

    Try, the MD5 hash of the above email id is 803efbc80ead933f28d0704d43d1f63b.

  30. In other news, Water is wet by SlightOverdose · · Score: 1

    I think most of us figured out this possibility within 30 seconds of seeing how Gravatar worked.

    One solution would be to have a private salt known only to Gravatar and the implementing website. Gravatar could determine the correct salt to use based on the referrer.

    Of course this would mean each subscriber would need to be hashed against each salt in the Gravatar database.

    In either case, I don't think it's really that big a deal.

  31. a pinch of salt by Meltir · · Score: 1

    Call me when he finds a way to determine the email after gravatar starts adding a pinch of salt to the hashed emails...

    1. Re:a pinch of salt by abell · · Score: 1

      Call me when he finds a way to determine the email after gravatar starts adding a pinch of salt to the hashed emails...

      Call me when gravatar starts adding a pinch of salt to the hashed emails ;-)

  32. Who cares? by johny42 · · Score: 2, Interesting

    Using @ instead of @ is enough to stop most e-mail harvesting bots, I don't see them brute-forcing MD5s any time soon.

  33. How is that news? by Tei · · Score: 1

    It's obvious to everyone who understands how it works.
    Geez...

    As the email of Gabe (from Valve) is well known, and gravatars can be used in a pseudoanonymous way, I tried to search the internet for the hash of his email in images.google.com. Not found. Either Gabe doesn't talk in Gravatar-powered forums, or he uses a different email address.

    So, if you use gravatars and other people know your email, they can search for your posts. This is obvious from the use of md5. With your address hashed with md5, spam bots can't collect addresses, but that's it, not privacy.

    --

    -Woof woof woof!

  34. Not the algorithm by panaceaa · · Score: 2, Interesting

    This is not related to the MD5 algorithm or use of salts. The fact is that Gravatar wants sites to use Gravatar without sending loads of requests to gravatar.com. Therefore Gravatar must provide a "client-side" API for generating Gravatar avatar URLs based on the known constant, email addresses. Sure, they could have salted things, but whatever they do, there's an essentially open source function somewhere that takes an email address and converts it to a Gravatar URL. As the algorithm is available to anyone, any attack can use it to check intelligent guesses against the known algorithm result.

    There really isn't anything Gravatar can do without changing their design to decouple avatar URLs from email addresses. Basically whenever anyone registers an account with a blog, the site would have to ask Gravatar for the user's Gravatar avatar URL -- and probably poll on some regular basis in case users add Gravatar avatars later. The blog would then have to persist this data in their databases for later look-up when comments are viewed. This is certainly possible, and could probably be designed in a way that doesn't add additional load to Gravatar's servers. But compared to the current implementation, which can be added to blogs with very minimal coding (probably just a couple lines in PHP), to do this more safely would require persistence-layer/database schema changes that would severely limit the attractiveness of Gravatar.
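
The point made in comment 34 above, together with the per-site private salt proposed in comment 30, as an added example that is not part of the thread and not Gravatar's code. It audits a site's own user table under three ID schemes; the users, the salt, the keys and the `site_keyed_id` scheme are assumptions constructed for illustration, and `alice` uses a random plus-tag of the kind comment 28 suggests.

```python
import hashlib
import hmac

# Constructed sample data: names, addresses, salt and keys are all made up.
USERS = {"jdoe": "jdoe@gmail.com", "alice": "alice.smith+k3v9q@example.org"}
COMMON_DOMAINS = ["gmail.com", "yahoo.com", "hotmail.com"]

def normalise(email):
    # Gravatar hashes the trimmed, lower-cased address.
    return email.strip().lower().encode()

def public_id(email):
    """Unkeyed MD5 of the address: anyone can recompute it."""
    return hashlib.md5(normalise(email)).hexdigest()

def public_salt_id(email, salt=b"published-salt:"):
    """Salted, but the salt ships in the client-side code, so it is public too."""
    return hashlib.md5(salt + normalise(email)).hexdigest()

def site_keyed_id(email, site_key):
    """Hypothetical scheme: HMAC under a secret shared by one site and the avatar service."""
    return hmac.new(site_key, normalise(email), hashlib.sha256).hexdigest()

def confirmable(display_name, avatar_id, make_id):
    """Return the address if display_name@common-domain reproduces avatar_id, else None."""
    for domain in COMMON_DOMAINS:
        candidate = f"{display_name}@{domain}"
        if hmac.compare_digest(make_id(candidate), avatar_id):
            return candidate
    return None

def audit(users, publish, outsider):
    """Which addresses can an outsider confirm, given the ID function they can run?"""
    return {n: confirmable(n, publish(a), outsider) for n, a in users.items()}

def run_audits():
    real = lambda e: site_keyed_id(e, b"secret-held-by-site")
    wrong = lambda e: site_keyed_id(e, b"outsider-has-no-key")
    return {
        "md5": audit(USERS, public_id, public_id),
        "public_salt": audit(USERS, public_salt_id, public_salt_id),
        "site_key": audit(USERS, real, wrong),
    }

if __name__ == "__main__":
    print(run_audits())
```

The keyed variant only holds while the key stays server-side, and it costs the avatar service one ID per user per site, which is the trade-off comment 30 points out.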

  35. That's why I use.... by hesaigo999ca · · Score: 1

    That's why I use a new hotmail address usually made with the site's name and my own to keep logs of everything that comes from there, so if anything is compromised, then I know usually where it comes from. Also I have no worries someone gets my address as it is irrelevant seeing as it is not my real one.

  36. Why bother salting by oobayly · · Score: 1

    The point of TFA is that one can identify the user's email address from the hash. The question is, why hash the email address? It could be just as easy to hash an integer value unique for the user. Hell, it could even be an incremental. Who cares if somebody can identify that joe@nothing.com has a Gravatar ID of 123. That ID can't be traced back to any specific Gravatar account, as the link between ID and email address would be internal.

  37. Not News by GreyyGuy · · Score: 1

    The important part of the trick is that you have to assume the email address is the same as the username and then compare the hashes of that name @yahoo.com, @hotmail.com, @gmail.com, and other popular email services. Because people that use those webmail addresses have never received spam before.

    If any spammer did try this, I would expect them to be very pissed off to discover that after all that work they already had 99% or more of those addresses to begin with.

  38. If your email address is simple... by argent · · Score: 1

    If your email address is common-word@famousprovider.com, then the spammers have already put your email address into their lists. Why not? They don't care if 95% of the mail they send bounces, and they don't care if they target any specific person, the "hit" rate they need to make a profit is negligible. I see spam attempts to thousands of never-existed addresses on my colo, and my home domain is pretty damn obscure. I'm sure Gmail gets hits from aaron.aardvark through zephram.zymurgy continually.

  39. Give it now! by Anonymous Coward · · Score: 0

    Pass the salt please.