Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses

[Solar Designer <solar () openwall com>]

On Wed, Sep 25, 2024 at 06:28:16AM +0000, Enxin Xie wrote:
> Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The 
> official recommendation is to use SHA256 instead.

For practical purposes, this sounds like almost no change to me.  I've
just checked and https://docs.gravatar.com/api/avatars/hash/ does say:

> All URLs on Gravatar are based on the use of the hashed value of an
> email address. Images and profiles are both accessed via the hash of an
> email, and it is considered the primary way of identifying an identity
> within the system. To ensure a consistent and accurate hash, the
> following steps should be taken to create a hash:
>
> 1. Trim leading and trailing whitespace from an email address
> 2. Force all characters to lower-case
> 3. hash the final string with SHA256

So Gravatar URLs by design allow for quick checking of email addresses
against them, and thus allow to infer not-too-cryptic addresses.  Both
MD5 and SHA-256 are very fast, with speeds in many billion per second
per GPU, with SHA-256 being only a few times slower than MD5.  MD5's
cryptographic weaknesses are irrelevant to this use case.

So I think this CVE should either be rejected (as the issue is with
Gravatar, not with implementations) or considered unfixable (within
spec) and thus not fixed.

Alexander