Gravatars Can Leak Users' Email Addresses 170
abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."
Re:So let's change the algorithm. (Score:3, Informative)
It's not, any hashing function would be subject to the same problem. If you RTFA you'll find that they just brute force combinations of the user name and common email domains.
To actually fix this would require not hashing (only) email address, you could mix in some secret salt with the email before hashing, or you could use encryption (with a secret key), or you could just hand out unique identifiers which are associated only in the Gravitar database. I don't know if any of these are feasible for this particular application though.
Re:So let's change the algorithm. (Score:5, Informative)
Re:So let's change the algorithm. (Score:3, Informative)
MD5 collisions actually don't help the attacker here, in fact, an MD5 collision would simply be a false positive for this case (the attacker thinks they've found the email address, but they haven't).
Re:At first glance... (Score:2, Informative)
And you didn't think of Gravitar instead? Kids these days...
http://en.wikipedia.org/wiki/Gravitar [wikipedia.org]
Re:Possible workaround (Score:3, Informative)
The RFC is actually pretty promiscuous; it's only implementations of it that fall short. Did you know that apostrophes are legal in the username portion of the email address? Yet how many web sites do you think would allow you to sign up as "First_O'Last@mailserver.net"? Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of.
Re:So let's change the algorithm. (Score:4, Informative)
Not really, since the salt would need to be publicly known for Gravatar to work (and it would break any backwards compatibility to add it in now). This was a 'social engineering' attack, not a rainbow table lookup – it pieced the name together with common providers to find a matching MD5. Salt would just add a single extra step.
I believe it's exactly the same problem/attack as was brought up about MicroID [wikipedia.org] in the past. The idea of Pavatar [pavatar.com] is a much better way to do this sort of avatar-finding (though the decentralisation comes with its own problems), since it relies on a public web address instead of a semi-private e-mail address.
Re:nope (Score:2, Informative)
It is, actually. If you don't include the -n option for echo, it will insert a \n to the string, changing the md5, which is the hash you got.
Re:Public address (Score:2, Informative)
Wagner Computer Science program -- Page Not Found. [wagner.edu] Looks like that answered your question.
Re:Possible workaround (Score:3, Informative)
Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of
Here's what happened in hotmail when I tried to e-mail to [name]+bananas@hotmail.com
http://i49.tinypic.com/fbjh1j.png [tinypic.com]
I googled that odd character and it seems to be Chinese [google.com]
Hotmail treats the "send a message from one of your disposable addresses" generated by Spamgourmet as a typo.
Re:So let's change the algorithm. (Score:3, Informative)
Re:So let's change the algorithm. (Score:5, Informative)
1) register as a website with gravatar, find out how long the salt is
2) register on stackoverflow with your email address
3) enumerate the possibilities until you find the hash of your own address and therefore the salt
4) extract 8000+ emails from stackoverflow
5) repeat for other sites