Slashdot Mirror


Gravatars Can Leak Users' Email Addresses

abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."

1 of 170 comments

  1. So let's change the algorithm. by palegray.net · Score: 0, Flamebait

    If this is directly related to MD5 (as it would seem), let's hope Gravatar switches to another algorithm. Of course, this won't do much about the existing hashes I suppose.
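
An added example, not part of the original story or comments and not Gravatar's code: a check of whether an avatar ID derived from an email address can be matched against a list of candidate addresses. It compares unkeyed MD5 and SHA-256 with a keyed HMAC; the addresses, the key, and the function names are constructed for illustration, and the keyed scheme is an assumption, not something Gravatar offers.

```python
import hashlib
import hmac

def normalize(email: str) -> str:
    # Gravatar-style normalization: trim whitespace, then lowercase.
    return email.strip().lower()

def public_id(email: str, algorithm: str = "md5") -> str:
    """Unkeyed avatar ID: hex digest of the normalized address."""
    return hashlib.new(algorithm, normalize(email).encode("utf-8")).hexdigest()

def keyed_id(email: str, server_key: bytes) -> str:
    """Hypothetical keyed ID: HMAC-SHA256 under a secret only the service holds."""
    return hmac.new(server_key, normalize(email).encode("utf-8"),
                    hashlib.sha256).hexdigest()

def guessable(avatar_id: str, candidates, derive):
    """Return the candidate whose derived ID equals avatar_id, else None."""
    for candidate in candidates:
        if hmac.compare_digest(derive(candidate), avatar_id):
            return normalize(candidate)
    return None

# Constructed sample data (example.com / example.org are reserved domains).
USER_EMAIL = "Jane.Doe@example.com"
CANDIDATES = ["jdoe@example.com", "jane.doe@example.com", "jane@example.org"]
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"

def audit() -> dict:
    """Report, per ID scheme, which candidate (if any) matches the published ID."""
    results = {}
    for alg in ("md5", "sha256"):
        published = public_id(USER_EMAIL, alg)
        results[alg] = guessable(published, CANDIDATES,
                                 lambda c, a=alg: public_id(c, a))
    # Without SERVER_KEY an observer can only compute unkeyed digests.
    published = keyed_id(USER_EMAIL, SERVER_KEY)
    results["hmac-sha256"] = guessable(published, CANDIDATES,
                                       lambda c: public_id(c, "sha256"))
    return results

if __name__ == "__main__":
    for scheme, match in audit().items():
        print(f"{scheme:12s} -> {match}")
```

The match succeeds for both unkeyed digests because the input space (plausible email addresses) is small, not because of a weakness specific to MD5. A keyed ID removes the offline check but also means third-party sites can no longer compute the avatar ID from an address themselves.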