Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

170 comments

Slashdot users are faggots (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30454204)

You are all faggots. Mod me down if you agree with the faggot that you are raging faggots.

Re:Slashdot users are faggots (-1, Troll)

Ethanol-fueled (1125189) | more than 4 years ago | (#30454598)

Not true. Faggots bathe regularly and dress themselves every morning.

So let's change the algorithm. (0, Flamebait)

palegray.net (1195047) | more than 4 years ago | (#30454218)

If this is directly related to MD5 (as it would seem), let's hope Gravatar switches to another algorithm. Of course, this won't do much about the existing hashes I suppose.

Re:So let's change the algorithm. (-1)

Anonymous Coward | more than 4 years ago | (#30454236)

If this is directly related to MD5 (as it would seem), let's hope Gravatar switches to another algorithm. Of course, this won't do much about the existing hashes I suppose.

avatars are gay anyway, so HAH-HAH!

Re:So let's change the algorithm. (1)

Cryacin (657549) | more than 4 years ago | (#30454248)

I'm sure that there will be a lot more emails offering mostly new Bolex watches in a few inboxes around...

Re:So let's change the algorithm. (3, Insightful)

sam0737 (648914) | more than 4 years ago | (#30454244)

No it's not related to MD5 itself. period.

Re:So let's change the algorithm. (0, Offtopic)

palegray.net (1195047) | more than 4 years ago | (#30454266)

Really? Are you familiar with MD5 [wikipedia.org] collisions [mscs.dal.ca] ?

Re:So let's change the algorithm. (5, Informative)

geekpowa (916089) | more than 4 years ago | (#30454294)

The attack doesn't rely on MD5 itself or MD5 collisions. It would work no matter what hashing algorithm was used.

Re:So let's change the algorithm. (1)

palegray.net (1195047) | more than 4 years ago | (#30454342)

Yeah, I read it wrong :). Salt probably would've helped a bunch, though.

Re:So let's change the algorithm. (3, Informative)

broken_chaos (1188549) | more than 4 years ago | (#30454578)

Not really, since the salt would need to be publicly known for Gravatar to work (and it would break any backwards compatibility to add it in now). This was a 'social engineering' attack, not a rainbow table lookup – it pieced the name together with common providers to find a matching MD5. Salt would just add a single extra step.

I believe it's exactly the same problem/attack as was brought up about MicroID [wikipedia.org] in the past. The idea of Pavatar [pavatar.com] is a much better way to do this sort of avatar-finding (though the decentralisation comes with its own problems), since it relies on a public web address instead of a semi-private e-mail address.

Re:So let's change the algorithm. (1)

maevius (518697) | more than 4 years ago | (#30454806)

Salt could work if it was only known between the web site owner and Gravatar. After all the users only need the hash to download the avatar. But I guess that would be security through obscurity, and we don't want that.

Re:So let's change the algorithm. (1, Funny)

Anonymous Coward | more than 4 years ago | (#30454732)

I think you need to stop giving crypto advice for the day, it's not going very well.

Re:So let's change the algorithm. (0)

Anonymous Coward | more than 4 years ago | (#30455072)

You are not very clever are you? Let me guess, still in high school? Would explain a lot.

Re:So let's change the algorithm. (2, Informative)

Mad Merlin (837387) | more than 4 years ago | (#30454298)

MD5 collisions actually don't help the attacker here, in fact, an MD5 collision would simply be a false positive for this case (the attacker thinks they've found the email address, but they haven't).

Re:So let's change the algorithm. (4, Insightful)

Firehed (942385) | more than 4 years ago | (#30454366)

I [benramsey.com] disagree. [gromweb.com]

Granted, those are basically very unsophisticated databases that just store lookup values, but it's relatively easy to bruteforce an MD5 hash down into one of the possible original strings (obviously with any algorithm that has a fixed output size with limitless inputs like MD5 there are infinite inputs that will hash down to a single md5sum, but when you're trying to get a valid email address out of a hash it's easy to pick the right one). Couple that with the fact that in this situation, you know that the entire string is lowercased and probably 60% of the gravatar emails (probably more like 90% actually) are going to come from one of four or five domains... reversal becomes quite easy. If you're bored, you could spin up a few Amazon EC2 or Rackspace Cloud Server instances to dump out some large tables. One each for gmail, yahoo, msn, aol, whatever else; it'd be a very simple script to make. You could probably cover every alphanumeric email address under 12 characters overnight, at a cost of about a dollar and ten minutes of scripting.

The thing to realize here is that gravatar doesn't md5 emails to hide them from people who want to obscure their identity, just to obscure them from spambots. So it's really a non-issue. If you're that concerned, leave your blog comments with a fake email address.

Re:So let's change the algorithm. (1)

mlts (1038732) | more than 4 years ago | (#30454456)

You hit the nail on the head. If one uses these, they should either use an alias (I know Hushmail and Yahoo both offer alias functionality) that they can filter incoming mail with.

Even better, because Gravatar is essentially Alice and Bob, they should have gone with either a salt (64 bits is "meh", 128 is decent, 256 is good for the forseeable future), SHA-256, and toss in a site key that only their backend database knows. This way, it would be immensely difficult to associate the hash with an E-mail address even if the attacker suspected both were connected.

Best of all would just to have Gravatar use random nonces and have their backend database store the nonce -> user tuple. This way, there is no algorithm that would allow an attacker to correlate decisively the pictures and E-mail addresses. Even better would be a many to one ratio so a user can have hundreds of nonces, so an attacker couldn't use frequency guessing to figure out an E-mail address.

Re:So let's change the algorithm. (3, Insightful)

Eivind (15695) | more than 4 years ago | (#30454644)

Doubt it. there's 26 letters and 10 digits, in addition to that . is very common in email-adresses. Thus you get 37 possibilities for each position. 37 to the 12th power is 6582952005840035281 hashes to run, and even if you do 10^9 Hz (i.e. one giga-hash-a-second, which would require on the order of a few hundred cores), you'd still need 208 years to do that many hashes -- then you need to look up each of them in gravatar, and analyze the result for a hit-or-miss.

"every alphanumeric email-address under 12 characters" is infact much too large a keyspace to reasonably cover overnight with a "very simple script".

It's not a large enough keyspace to be cryptographically secure, but it's large enough to not be trivially exhaustible.

Re:So let's change the algorithm. (1)

seifried (12921) | more than 4 years ago | (#30454860)

But you can easily get a list of known good domains and common user names (or you can just get a list of email addresses) which significantly reduces the search space.

Re:So let's change the algorithm. (2, Insightful)

rve (4436) | more than 4 years ago | (#30454872)

That's assuming email addresses are random sequences of letters, digits and dots.

If you're a spammer and don't mind missing the email of mr. q9x7.3f.1zzp@hotmail.com, a phone book would probably provide an effective dictionary for narrowing that keyspace considerably

Re:So let's change the algorithm. (0)

Anonymous Coward | more than 4 years ago | (#30454960)

i think that one could start combining the registered username with some classic mail domains to speed up the search

Re:So let's change the algorithm. (1)

ysth (1368415) | more than 4 years ago | (#30454998)

I [benramsey.com] disagree. [gromweb.com]

Granted, those are basically very unsophisticated databases that just store lookup values, but it's relatively easy to bruteforce an MD5 hash down into one of the possible original strings

No, it's not. Or at least, it only is if you have truly awesome amounts of time or computing resources to spend. Hence lookup databases like those you reference.

No need (3, Insightful)

Mathinker (909784) | more than 4 years ago | (#30454246)

It would have been trivial for them to just add a secret salt string to the email before hashing, and that would have solved most of the problem. It is possible that they wanted to be "nice", in that in the case they go out of business, anyone can regenerate the ID's without them. But, as this guy has shown, that's not a great idea.

Re:No need (1)

palegray.net (1195047) | more than 4 years ago | (#30454276)

So, essentially, we're left with the same problem :).

Re:No need (0)

Anonymous Coward | more than 4 years ago | (#30454290)

But in order for other sites to use their service, and come up with the same hash, they'd have to make it not so secret. What they need to do is hash it against a user providable string to use as a salt (including the option of nothing at all). Then, all you have to do when signing up with a Gravatar enabled site is provide your email and your personal salt, which would be different for almost ever user.

Re:No need (1)

maevius (518697) | more than 4 years ago | (#30454902)

The email matching process for 80871 users takes about one hour (from TFA). Adding a three digit salt would increase the matching process to 999 hours or about 41 days which is not much considering that this is a brute force attack and I believe the user would be unwilling to remember a salt longer than 3 digits. An alternative would be if gravatar would automatically generate a salt and the web site could retrieve this salt (over ssl maybe, for the paranoid among us) on user registration. Then again the user must authorize which sites can retrieve the salt (through an email authorization link maybe?) which would also add complexity to the registration process.

Re:No need (1)

Garble Snarky (715674) | more than 4 years ago | (#30454296)

A) Isn't the point of it to be a public system, so that sites can accept users' email addresses, then find the gravatars themselves?

B) Wouldn't it be equally easy to reverse engineer the salt string, with your own known test email? (As long as the salt is shorter than some limit maybe)

Provide an API (1)

Mathinker (909784) | more than 4 years ago | (#30454852)

A) Isn't the point of it to be a public system, so that sites can accept users' email addresses, then find the gravatars themselves?

I suppose you're right. In which case no trivial workaround can exist (because the attacker just pretends to be a website wanting to discover the guessed emails' avatars). OTOH, if Gravatar would implement a two-step API for getting the information, and implement rate limits on the API, doing the attack could be made much, much harder.

I vaguely remember looking at the Gravatar site when it opened up a long time ago, but personally I have no use for avatars and prefer not to have a global net persona (or at least one which is trivially assembled from all of the little persona pieces I have spread around).

B) Wouldn't it be equally easy to reverse engineer the salt string, with your own known test email? (As long as the salt is shorter than some limit maybe)

The whole point of using a salt (in my eyes, anyway) is that it should be long enough that brute forcing it is unreasonable.

Re:So let's change the algorithm. (1)

jonesy2k (934862) | more than 4 years ago | (#30454254)

Or just add some salt [wikipedia.org] ?

Re:So let's change the algorithm. (1)

Mad Merlin (837387) | more than 4 years ago | (#30454272)

A normal implementation of salt (with the salt in plaintext along with the hash) would not help in this case.

Re:So let's change the algorithm. (1)

Krizdo4 (938901) | more than 4 years ago | (#30454774)

So keep the salt secret to the server so at least someone has to brute force it?

Re:So let's change the algorithm. (0)

Anonymous Coward | more than 4 years ago | (#30454328)

Neither changing hash algorithms nor adding a (public) salt would help against this particular kind of attack, which checks a small set of likely email addresses derived from the username associated with the Gravatar ID.

Re:So let's change the algorithm. (1)

Firehed (942385) | more than 4 years ago | (#30454384)

In order for Gravatar to work, the algorithm has to be publicly known. Which means every site uses the same salt (pointless) or each domain has its own salt, which can be determined from the referrer header (not only also pointless since a potential attacker knows what site they're on, but it would also make the service pretty much impossible to implement). The only other option would be two-way encryption with some sort of per-domain shared key, but given that most of the point of Gravatar is simplicity of implementation, that's just not going to happen.

Re:So let's change the algorithm. (2, Informative)

Mad Merlin (837387) | more than 4 years ago | (#30454268)

It's not, any hashing function would be subject to the same problem. If you RTFA you'll find that they just brute force combinations of the user name and common email domains.

To actually fix this would require not hashing (only) email address, you could mix in some secret salt with the email before hashing, or you could use encryption (with a secret key), or you could just hand out unique identifiers which are associated only in the Gravitar database. I don't know if any of these are feasible for this particular application though.

Re:So let's change the algorithm. (1)

palegray.net (1195047) | more than 4 years ago | (#30454308)

I did, in fact, RTFA. It points out that even in the absence of search space limiting tricks employed by the author, rainbow tables could be used to achieve the same goal. Adding salt would have made the problem quite a bit tougher for an attacker, but wouldn't have put it completely out of reach. It's quite well known that MD5 shouldn't be used for anything privacy related, given the fact that it's been exploited quite publicly in recent history.

Re:So let's change the algorithm. (2, Interesting)

jamesh (87723) | more than 4 years ago | (#30454436)

It's quite well known that MD5 shouldn't be used for anything privacy related, given the fact that it's been exploited quite publicly in recent history.

An email address isn't private... I suspect that MD5 was just a convenient way to get a fixed length id. I'd be more worried about collisions, but i'm too lazy to calculate how many avatars would be required before that might become a problem.

Re:So let's change the algorithm. (0)

Anonymous Coward | more than 4 years ago | (#30454508)

Actually, using an algorithm that takes orders of magnitude longer to compute such as 1000 md5's of the email (barring that 1000 md5's won't reduce to something relatively simple, no one knows), would make this type of bruteforcing uneconomical.

As someone else pointed out, you can't use a secret hash as any site implementing the gravatar would need to know it.
Whatever information gravatar has the site needs as well to compute the hash, and if the site has it, it's safe to assume that the attacker has it IMO.

Re:So let's change the algorithm. (1)

QuoteMstr (55051) | more than 4 years ago | (#30454726)

You're dead on about using thousands of hashes. The practice hurts an attacker far more than it hurts legitimate users. It's called key stretching [wikipedia.org] , or key strengthening.

Re:So let's change the algorithm. (3, Interesting)

Korin43 (881732) | more than 4 years ago | (#30454540)

What I'm wondering is why this matters at all. A spammer would just send emails [your username]@[every common email domain]. Why would they bother to check if it's the correct address or not?

Re:So let's change the algorithm. (1)

JoshuaZ (1134087) | more than 4 years ago | (#30454682)

There are two attacks here. The primary attack has absolutely nothing to do with the hash used. They just checked based on user names likely email addresses. The example given was from User Michael Smith to then check things like michael.smith@majoremailprovider.com and so on. This method, which nowhere uses anything about MD5 got around 10% of the emails. Another attack which did use hash collision detections only got 1%.

Public address (4, Funny)

AlpineR (32307) | more than 4 years ago | (#30454270)

Here's my own Gravatar hash:

b835b33911b93c136d8e61cbbbe6736d [gravatar.com]

Who will be the first to crack it?

Re:Public address (4, Funny)

Yvan256 (722131) | more than 4 years ago | (#30454286)

Is it wagnerr@umich.edu?

nope (1)

furbearntrout (1036146) | more than 4 years ago | (#30454466)

that addy has a different icon [gravatar.com]

Re:nope (2, Informative)

KDingo (944605) | more than 4 years ago | (#30454608)

It is, actually. If you don't include the -n option for echo, it will insert a \n to the string, changing the md5, which is the hash you got.

Re:nope (0)

Anonymous Coward | more than 4 years ago | (#30454658)

proof:
# echo -n 'wagnerr@umich.edu' | md5sum -b
b835b33911b93c136d8e61cbbbe6736d *-

Re:nope (1)

ndogg (158021) | more than 4 years ago | (#30454642)

try again
$ echo -n wagnerr@umich.edu|md5sum -

Re:Public address (1)

The_mad_linguist (1019680) | more than 4 years ago | (#30454302)

How about wagnerr@umich.edu? /completelymissingthepoint

Re:Public address (1, Funny)

edwebdev (1304531) | more than 4 years ago | (#30454310)

Here's a Slashdot post that shows my e-mail address next to my username.

Who will be the first to crack it?

Fixed that for you.

Re:Public address (4, Funny)

palegray.net (1195047) | more than 4 years ago | (#30454334)

I'm certain his email must be umich@wagnerr.edu. Now I just need to figure out why he's attending Wagner [wagner.edu] of all schools, and how the heck they managed to typo their own domain name.

Re:Public address (2, Informative)

Ethanol-fueled (1125189) | more than 4 years ago | (#30454634)

how the heck they managed to typo their own domain name.

Wagner Computer Science program -- Page Not Found. [wagner.edu] Looks like that answered your question.

Re:Public address (1)

TangoMargarine (1617195) | more than 4 years ago | (#30454776)

Sarcasm? [wagner.edu]

Re:Public address (1)

Ethanol-fueled (1125189) | more than 4 years ago | (#30454786)

Not at all. [wagner.edu]

hint: Scroll down the page until you see the "Computer Science, B.S." link. Click on that link. It's B.S., allright.

Re:Public address (1)

TangoMargarine (1617195) | more than 4 years ago | (#30454844)

Okay, so you can get to it via "Departments" but you can't get to it via "Undergrad Programs." I guess you win.

Re:Public address (0)

Anonymous Coward | more than 4 years ago | (#30454896)

Reversing an MD5 does not give you the string that produced the hash.

It gives you *a* string, that, when MD5ed, produces the hash.

There is a very large difference there.

Re:Public address (1)

lastomega7 (1060398) | more than 4 years ago | (#30454462)

Because everyone has only one email. Especially /.ers.

Re:Public address (1)

edwebdev (1304531) | more than 4 years ago | (#30454490)

Which is why I checked the md5 hash and found that it matches before posting :)

Re:Public address (1)

Firehed (942385) | more than 4 years ago | (#30454394)

That took all of one second to find in an md5 lookup database. And thirty seconds for me to realize that I could have looked two lines higher to see it in plaintext next to your userid. :wallbash:

Re:Public address (4, Funny)

grcumb (781340) | more than 4 years ago | (#30454492)

That took all of one second to find in an md5 lookup database. And thirty seconds for me to realize that I could have looked two lines higher to see it in plaintext next to your userid. :wallbash:

Upside: You get to keep your geek card.

Downside: You'll never survive the world outside your basement.

8^)

Salt? (1)

aldld (1663705) | more than 4 years ago | (#30454278)

I'm no expert in cryptography, but would it be helpful for them to add a salt [wikipedia.org] ? (Unless they do that already, of course)

Re:Salt? (1)

QuoteMstr (55051) | more than 4 years ago | (#30454736)

Salting would help a bit here, but far more effective would be key stretching [wikipedia.org] . Hash the email, then feed the hash back through the hash function a few thousand times. The extra computation doesn't have much of an impact when generating a single email identifier, because hash functions are blazing fast, and 1,000 iterations is still blazing fast. But the extra computation grievously hurts people who are using brute force to create rainbow tables, making the whole thing take thousands of times longer.

Possible workaround (3, Insightful)

Mathinker (909784) | more than 4 years ago | (#30454280)

Can anyone tell me if the "you can add extra stuff after a +" that GMail lets you do is standard in the RFC for all email addresses? If it is, to "fix" this, if you should sign up to Gravatar with an email address using a random string after an added "+" the brute force search on hashes will be much, much harder. (Assuming that your email provider is implementing that part of the standard.)

Re:Possible workaround (2, Informative)

bennomatic (691188) | more than 4 years ago | (#30454504)

I've looked through RFC822, and the inclusion of "+" in an email is not excluded, so it's perfectly legal. GMail's functional use of it, however (account+foo@gmail.com and account+bar@gmail.com both go to account@gmail.com, for easy tagging/filing) is just an implementation that takes advantage of the fact that most people do not have + signs in their email addresses.

The RFC is actually pretty promiscuous; it's only implementations of it that fall short. Did you know that apostrophes are legal in the username portion of the email address? Yet how many web sites do you think would allow you to sign up as "First_O'Last@mailserver.net"? Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of.

Re:Possible workaround (0)

Anonymous Coward | more than 4 years ago | (#30454718)

There is a slightly later RFC (RFC 2822) that allows even more. (Along with the obs stuff from RFC 822 wich allow escaping characters)
Spaces in the user part? Allowed if you escape them (I think it would look like first\ name@example.com). There is lots of options allowed. Put something in quotes, you can get really strange. For example "Abc@def"@example.com is valid, as is Fred\ Bloggs@example.com and abc\@def@example.com (At least what I can find seems to support that)

It is part of the reason that people trying to regex the user part end up with about a page worth of stuff if they want to be fully in spec. A quick and dirty 30 character regex will allow email addresses.
(A Linux Journal article [linuxjournal.com] which is see duplicated elsewhere talking about the regex and email thing)

Re:Possible workaround (2, Informative)

TubeSteak (669689) | more than 4 years ago | (#30454728)

Heck; it's amazing how many sites forbid the '+' sign that Google takes advantage of

Here's what happened in hotmail when I tried to e-mail to [name]+bananas@hotmail.com
http://i49.tinypic.com/fbjh1j.png [tinypic.com]
I googled that odd character and it seems to be Chinese [google.com]

Hotmail treats the "send a message from one of your disposable addresses" generated by Spamgourmet as a typo.

Re:Possible workaround (1)

QuoteMstr (55051) | more than 4 years ago | (#30454750)

To be fair, sub-addressing (using both the '-' and '+' characters) was around well before the creators of Google graduated from high school.

Re:Possible workaround (1)

pjt33 (739471) | more than 4 years ago | (#30454938)

Did you know that apostrophes are legal in the username portion of the email address? Yet how many web sites do you think would allow you to sign up as "First_O'Last@mailserver.net"?

I recently sent an e-mail to a firstname.o'connell@host.gov.uk (no need to let her get random spam) in order to submit my response to a consultation the British Civil Service is making on policy relating to voter registration. Crossed my fingers and sent it via gmail.

So? (1)

Denis Lemire (27713) | more than 4 years ago | (#30454282)

Unless I'm missing something, the article can be summarized: "Guess the person's email address, check if the md5 hash of the address you guessed matches the Gravatar. If it matches you guessed correctly."

Nothing to see here. Move along...

In other news, all password hashes can eventually be cracked by brute force... Oh noes!

Re:So? (1)

gruvmeister (1259380) | more than 4 years ago | (#30454364)

That's pretty much it. If someone already knows your real name, and can guess that you may have an email address of your real name at one of the big free hosting providers, they might guess your email address! OH NO STOP THE INTERNET AT ONCE!!

Re:So? (0)

Anonymous Coward | more than 4 years ago | (#30454458)

Wrong. Generate a list of likely hashes, and compare. It would be quite easy if you can guess thier domain (ie. hotmail). Rainbowtable for @hotmail.com on Amazon wouldn't cost that much to generate.

Re:So? (1)

TheVoice900 (467327) | more than 4 years ago | (#30454392)

Exactly. Not like it matters anyway. I even post my email up on my website so people can like, you know, email me!

Re:So? (1)

icepick72 (834363) | more than 4 years ago | (#30454444)

Except that the said mechanism provides a sure way to verify that an email address exists. Once an addy is correctly guessed the user cannot pretend to hide by not responding to resulting spam, because that account is *known* to exist prior to spamming (not a shot in the dark like most spam attempts) And it's known for sure because StackOverflow requires a valid email address when a user signs up for an account - to carry out StackOverflow account verification through an email link sent to the user for clicking. In other words, one layer of protection has been taken away, although I think it's very topical and personally am not worried about my SO account because the associated Gmail account filters out spam great.

Re:So? (0)

Anonymous Coward | more than 4 years ago | (#30454580)

Except that the said mechanism provides a sure way to verify that an email address exists. Once an addy is correctly guessed the user cannot pretend to hide by not responding to resulting spam, because that account is *known* to exist prior to spamming (not a shot in the dark like most spam attempts) And it's known for sure because StackOverflow requires a valid email address when a user signs up for an account - to carry out StackOverflow account verification through an email link sent to the user for clicking.

In other words, one layer of protection has been taken away, although I think it's very topical and personally am not worried about my SO account because the associated Gmail account filters out spam great.

Unless I only created the email addy to exist long enough to respond to the one-time email.
Or just created an account that gets checked once a week by my Thunderbird client which just auto-deletes all messages, since ANY messages to that email WILL be unsolicited.

Really people this isn't hard. Back in 1996 I had to explain to people that yes, you could use more than one email address, and use at least one for high-risk spam-attracting activity solely. I shouldn't have to explain it again 13 years later, especially to slashdotters.

No salting (1)

Mathinker (909784) | more than 4 years ago | (#30454802)

I more or less agree with you that this isn't particularly newsworthy (is Gravatar all that widely used?), except for the fact that if they had bothered to add a random, secret salt before hashing, everything would have been secure (or rather, as secure as the secret salt).

> In other news, all password hashes can eventually be cracked by brute force... Oh noes!

True, but that is like saying "No encryption which uses a key smaller than the length of the ciphertext is secure": mathematically true, but not true in practice.

I think what you should have said instead was:

"In other news, doing security is harder than you think."

Rainbow Tables (0)

Anonymous Coward | more than 4 years ago | (#30454288)

Can anyone say Rainbow Tables? Tweak the algorithm to output valid e-mail addresses. As for the salt, as long as it isn't known, while it can make is computationaly difficult, it won't stop some addresses from being hacked using the aforementioned method.

At first glance... (1)

fahrbot-bot (874524) | more than 4 years ago | (#30454330)

...I thought "Gravatar" was a new theoretical exotic particle, like a Graviton, especially when used with the following "can leak", but this actually makes more sense - sort of - though I don't know if "leak" is the best verb here. In any case, I gotta stop reading science journals late at night.

Re:At first glance... (1)

Barny (103770) | more than 4 years ago | (#30454372)

No, Gravatar is the son of Gappa, the Triphibian monster.

Re:At first glance... (2, Informative)

Psaakyrn (838406) | more than 4 years ago | (#30454374)

And you didn't think of Gravitar instead? Kids these days...

http://en.wikipedia.org/wiki/Gravitar [wikipedia.org]

Re:At first glance... (1)

Randle_Revar (229304) | more than 4 years ago | (#30454688)

gravatar also sounds like an alternate name for a black hole.

Why is this a problem? (2, Insightful)

gman003 (1693318) | more than 4 years ago | (#30454382)

Do you consider your email address private info, need-to-know only? With a decent spam filter and easy-to-use block features, it really isn't a problem. I provide mine to pretty much anyone who asks. The only thing I do is keep it in a non-scrapable format, to keep it from getting on too many spam lists.

So? (1)

trapnest (1608791) | more than 4 years ago | (#30454402)

Maybe I am missing the point, but who cares?
I understand that there is this huge number of people that think that an email address is private information, but why?

Add a user supplied "salt" (1)

Game_Ender (815505) | more than 4 years ago | (#30454406)

Gravatar just needs every user to supply a "salt" along with there email where ever there gravatar is used, they could even call it a password. Combine the password/salt with the emacs to generate the hash. This would make guessing the email from the hash much more difficult.

Re:Add a user supplied "salt" (0)

Anonymous Coward | more than 4 years ago | (#30454668)

rofl @ emacs reference

Only the rainbow tables matter (0)

Anonymous Coward | more than 4 years ago | (#30454414)

TFA suggests trying email addresses related to the user's ID on some site and domain names of large hosting companies (for example, Michael Smith might be msmith@example.com, or michael.smith@example.com) and testing whether or not their md5sum is the same as the one associated with the avatar. However, a bad guy could just send any message to all such addresses and hope one hits. Of course, he might accidentally be spamming some other suckers with the same name, but no true villain would be bothered by this sort of collateral damage.

The rainbow table suggestion is more serious, since someone could find out your email address even if your screen name is different from the name in your email. (So if you registered at a site as "anonymous_user", but provided the Gravatar people with an email address containing your real name, then the bad guys could find out your real name.) This is bad, but as a mitigating factor, the real name has to be in the rainbow table in the first place, so it is probably fairly common. If the villain finds out your name is Michael Smith, he probably still has no idea which Michael Smith you are.

This is news to me (1)

mok000 (668612) | more than 4 years ago | (#30454416)

Wow. You can glean information from the Internets. I didn't realize that.

e9af4cb49c97162d6be3ea8c6ca90a46 (2, Funny)

iSzabo (1392353) | more than 4 years ago | (#30454460)

I actually *just* (20 minutes ago) put my picture up there. Can you guess my email ;)

Re:e9af4cb49c97162d6be3ea8c6ca90a46 (1)

kent.dickey (685796) | more than 4 years ago | (#30454518)

I'm not sure if you were sarcastic or not, but your email address is at gmail, and I'm gonna mention Fight Club, and there's no I in team. Do you want me to post your email address more plainly?

So, yeah, posting email hashes is only a little bit safer than posting the full text.

Re:e9af4cb49c97162d6be3ea8c6ca90a46 (1)

iSzabo (1392353) | more than 4 years ago | (#30454678)

I thought my Slashdot profile was set to show it. :) If not, I'm going to go change it.

Re:e9af4cb49c97162d6be3ea8c6ca90a46 (5, Interesting)

Anonymous Coward | more than 4 years ago | (#30454584)

Your email is: tyler.szabo _AT_ gmail.com

md5 -s "tyler.szabo@gmail.com"
MD5 ("tyler.szabo@gmail.com") = e9af4cb49c97162d6be3ea8c6ca90a46

For bonus points, your name is Tyler Szabo, you go to University of Waterloo and plan on graduating in 2011. You work at Amazon. You are in a relationship with a Kaylan Elizabeth L. (last name withheld as a courtesy, I'm sure you know who I mean :) ).

I found out you registered this, looked up your avatar on Gravatar, found you on Stack Overflow which gave me your real name (searched for Szabo assuming that was something to do with you). Using this, I looked you up on Facebook, Twitter, and various other sites. Your single avatar helped me link everything together. Once I had your real name from Stack Overflow it became easy.

Good times. Perhaps this reveals another security vulnerability? One avatar links -ALL- your social networking.

I also have your parents, previous employers, etc, but won't post those here :)

Re:e9af4cb49c97162d6be3ea8c6ca90a46 (0)

Anonymous Coward | more than 4 years ago | (#30454630)

I am Jack's complete lack of surprise.

Re:e9af4cb49c97162d6be3ea8c6ca90a46 (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30454996)

Yes, you're smart to figure all that out.
But then you do not have to leave slashdot to solve the riddle:

by iSzabo (1392353) on Wednesday December 16, @01:04AM (#30454460)

I don't know if Facebook keeps track of visitors to ones profile (some networks do), but possible tyler can now guess who you are as well.

- 043dc29be78d00413a3da8611fd93451

use email+whatever@domain.com (2, Insightful)

topham (32406) | more than 4 years ago | (#30454500)

Use your email address with "+randomsequence"@

Randomsequence will have to be consistent between the user and the sites they want the gravatar to work at, but it will generate an MD5 hash different than their actual address; yet if the site sends email to the user with it the user will receive it.

Big deal... (0)

Anonymous Coward | more than 4 years ago | (#30454510)

If you have an MD5 hash of a file or phrase, like an email, and have candidates, you can compare them and see if there's a match! Video at 11!

But seriously, this approach isn't really novel, just a novel application of existing technology. That said, it only effects users who's emails were already easily guessable. If your username is Jon Robert and your email is jon.robert@gmail.com...well, if I was guessing without this, I'd guess that first anyways. All this does it permit you to confirm an email. This is an exploit, but not really all that dangerous of one, because it doesn't reveal emails, only let you confirm that the email you guessed exists and what it is.

The approach of using rainbow tables, only discussed briefly, is a bit more concerning, and I'd like to see more about this.

easier than other methods? (2, Interesting)

bcrowell (177657) | more than 4 years ago | (#30454524)

But is this significantly easier than other methods of harvesting email addresses? Spammers already do dictionary attacks on big providers like yahoo. It's not clear to me that this method is a better way of generating a list of email addresses. If you carry out a dictionary attack on yahoo.com, you're going to come up with probably tens of millions of valid email addresses. If you carry out this attack on gravatar.com, how many addresses are you going to get for your trouble? 10% of gravatar's users, apparently -- which I'm guessing is not really that big a number. Remember, once a spammer has a botnet, it costs him zero to send out one more spam to test whether a particular address is valid. Therefore the dictionary attack is free.

The defense against dictionary attacks is also exactly the same as the defense against this attack: either don't use a big email provider, or use a big email provider but pick a username that has a lot of characters (so it's not vulnerable to brute-forcing) and is also not vulnerable to dictionary attacks.

Does explain ... (0)

Anonymous Coward | more than 4 years ago | (#30454562)

... the emails about ad I got today on my email address I used to register a gravatar.

Not A Bug (3, Insightful)

lhunath (1280798) | more than 4 years ago | (#30454618)

Email addresses are usernames. They are not secret information. If somebody can be bothered enough to find your email address through brute-forcing the MD5 hash of it; you've got bigger problems.

Far more than "10% of stackoverflow.com's users" can have their email addresses GUESSED far faster. Likely your email address is also FAR easier to establish through a simple Google search on your pseudonyms.

If you for some odd reason want your email address to be secret; for the same name as wanting a secret pseudonym or using a false name when signing up; register a fake email address instead (and set it up for forwarding). You're giving your email address in clear text to the site's owner and all the internet hops inbetween him and you ANYWAY.

It's important to learn to distinguish between what is a secret and what is not; and if you want to make things secret, at what level you should put your trust.

Public Key Encryption (1)

paul248 (536459) | more than 4 years ago | (#30454656)

What if Gravatar published a public key, and sites displaying Gravatars pointed their image links to encrypt(gravatar_id + random_salt)? It seems like this would solve the problem, since people viewing the page can't get access to the users' real Gravatar IDs. Sure, the forum sites would still see your Gravatar ID, but they already have your email address in the first place.

Re:Public Key Encryption (0)

Anonymous Coward | more than 4 years ago | (#30454704)

This would have some disadvantages for Gravatar:

- They'd have to decrypt every request, so their CPU cost increases.
- The same Gravatar would have different URLs on different sites, which reduces the effectiveness of HTTP caching, so their bandwidth cost increases.

The Guardian says... (0)

Anonymous Coward | more than 4 years ago | (#30454698)

Gravatar! ... for i shall be your provider... your companion, meh, YOUR MASTER!

In the grand scheme of things this is pretty minor (2, Funny)

Just Brew It! (636086) | more than 4 years ago | (#30454840)

It's not exactly big news that a system based on MD5 hashes is susceptible to dictionary-style attacks; this should be obvious to anyone who understands how hashes work. In order for this particular attack to work, the attacker already has to have some reasonable guesses as to what your e-mail address is; the Gravatar trick only confirms the address. So it seems to me that the amount of additional data leaked is fairly small.

OTOH, I suppose I'm somewhat desensitized to this sort of thing, since I've had the same primary e-mail address for something like 15 years (going back to the days when I was rather active on Usenet). My e-mail address is already in every spammer database on the planet, so I don't see how a few more people knowing it could make things any worse!

Re:In the grand scheme of things this is pretty mi (1)

ysth (1368415) | more than 4 years ago | (#30455018)

Agreed. In fact, when I first created a gravatar, this "newly discovered" problem immediately occurred to me; I suspect the same is true for many other gravatar users.

Could provide an API (2, Interesting)

Mathinker (909784) | more than 4 years ago | (#30454890)

From Gravatar's FAQ:

MD5 isnt strong enough encryption, they’ve cracked that havent they?

MD5 is plenty good for obfuscating the email address of users across the wire. if you’re thinking of rainbow tables, those are all geared at passwords (which are generally shorter, and less globally different from one another) and not email addresses, furthermore they are geared at generating anything that matches the hash, NOT the original data being hashed. If you are thinking about being able to reproduce a collision, you still don’t necessarily get the actual email address being hashed from the data generated to create the collision. In either case the work required to both construct and operate such a monstrocity would be prohibitively costly. If we left your password laying around in the open as a plain md5 hash someone might be able to find some data (not necessarily your password) which they could use to log in as you... Leaving your email address out as an md5 hash, however, is not going to cause a violent upsurge in the number of fake rolex watch emails that you get. Lets face it there are far more lucrative, easier, ways of getting email address. I hope this helps ease your mind.

So, they might have already thought about this vulnerability and dismissed it as not interesting.

They could still fix their concept by providing an API where a website wanting to discover the avatar for a given email first hashes the email with MD5 and then the Gravatar URL which is generated redirects them to a link to the image (which contains no information about the email address, or perhaps uses a salted [wikipedia.org] hash). This, in conjunction with rate limiting the number of queries per website, could provide a relatively secure way to do what they want.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...