Open Changaco opened 1 year ago
Why not change to a SHA256 hash instead? The MD5 was always only meant to ensure Gravatar compatibility.
Reference: https://wiki.libravatar.org/api/
Why not change to a SHA256 Hash instead?
Because leaking a SHA256 hash isn't really better than leaking an MD5, and because we would lose the automatic fallback to Gravatar.
Using Libravatar leaks the MD5 hash of the account's primary email address, so it should be opt-in, not opt-out.
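The opt-in behaviour requested in this issue, as an added example that is not part of the thread or the project's code. The `User` model, its `avatar_opt_in` field and the function names are hypothetical; the lowercase-and-trim normalization and the MD5/SHA256 choice follow the Libravatar API page linked above, and the address is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional

# Libravatar HTTPS endpoint; the digest of the email is appended to it.
LIBRAVATAR_BASE = "https://seccdn.libravatar.org/avatar/"
ALLOWED_ALGOS = ("md5", "sha256")


@dataclass
class User:
    """Hypothetical account model; avatars are off unless the user opts in."""
    email: str
    avatar_opt_in: bool = False


def email_digest(email: str, algo: str = "md5") -> str:
    """Hash the trimmed, lowercased address with MD5 or SHA256."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError(f"unsupported algorithm: {algo}")
    normalized = email.strip().lower()
    return hashlib.new(algo, normalized.encode("utf-8")).hexdigest()


def avatar_url(user: User, algo: str = "md5") -> Optional[str]:
    """Return an avatar URL only for users who opted in.

    Without opt-in nothing derived from the email reaches the page, so the
    caller should render a local placeholder image instead.
    """
    if not user.avatar_opt_in:
        return None
    return LIBRAVATAR_BASE + email_digest(user.email, algo)


def is_stable_identifier(variants: Iterable[str], algo: str) -> bool:
    """True if every spelling of the address maps to one digest.

    The digest is unsalted and deterministic under either algorithm, so it
    identifies the same address wherever it is published.
    """
    return len({email_digest(v, algo) for v in variants}) == 1


if __name__ == "__main__":
    # Constructed sample address.
    print(avatar_url(User("alice@example.org")))                      # None
    print(avatar_url(User("alice@example.org", avatar_opt_in=True)))  # URL
    spellings = ["alice@example.org", " Alice@Example.ORG "]
    print({a: is_stable_identifier(spellings, a) for a in ALLOWED_ALGOS})
```
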