Crypto weakness in Web comment system exposes hate-mongering politicians
Found on Ars Technica on Wednesday, 11 December 2013
Investigative journalists have exploited a cryptographic weakness in a third-party website commenting service to expose politicians and other Swedish public figures who left highly offensive remarks on right-wing blogs, according to published reports.
The Gravatar hashes, which are typically embedded in any comment left on millions of sites that use the avatar service, are generated by passing a user's e-mail address through the MD5 cryptographic function.
That's really more a problem of a clueless developer who thought it would be a good idea to use MD5 for anonymity. At least he could have added some custom salt.
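An added example, not code from the article or from Gravatar: a check a site operator can run on identifiers their own pages publish, comparing the unsalted MD5 of an e-mail address with a keyed alternative. The trim-and-lowercase normalisation, the function names, the key and the addresses are assumptions or constructed values; HMAC-SHA256 under a server-held secret is swapped in here as one variant of the salt idea in which the added value is never published.

```python
import hashlib
import hmac


def unsalted_md5_id(email: str) -> str:
    """Avatar-style identifier: MD5 of the normalised address, no secret input."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def keyed_id(email: str, site_key: bytes) -> str:
    """Identifier derived with HMAC-SHA256 under a key only the server holds."""
    norm = email.strip().lower().encode("utf-8")
    return hmac.new(site_key, norm, hashlib.sha256).hexdigest()


def linkable(published: str, candidates, hash_fn) -> list:
    """Return the candidate addresses whose identifier equals the published one."""
    return [c for c in candidates if hmac.compare_digest(hash_fn(c), published)]


# Constructed sample data (not from the article).
SITE_KEY = b"constructed-example-key-not-a-real-secret"
COMMENTER = " Alice@Example.org"
CANDIDATES = ["bob@example.org", "alice@example.org", "carol@example.net"]


def audit():
    """Check whether each published identifier can be tied back to an address
    by someone who knows the algorithm but not the server's key."""
    md5_published = unsalted_md5_id(COMMENTER)
    keyed_published = keyed_id(COMMENTER, SITE_KEY)

    # Unsalted MD5: the algorithm is the only input, so any outsider can recompute it.
    md5_matches = linkable(md5_published, CANDIDATES, unsalted_md5_id)

    # Keyed identifier: an outsider without SITE_KEY can only guess a key.
    def outsider_guess(email):
        return keyed_id(email, b"guessed-key")

    keyed_matches = linkable(keyed_published, CANDIDATES, outsider_guess)
    return md5_matches, keyed_matches


if __name__ == "__main__":
    md5_matches, keyed_matches = audit()
    print("unsalted MD5 links to:", md5_matches)
    print("keyed identifier links to:", keyed_matches)
```

The keyed form only helps while the key stays on the server; a salt that is published alongside the hash can be recomputed by anyone, just like the unsalted value.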