I don't get it. Why doesn't Gravatar use a salt to generate the checksum? The salt would only be known to Gravatar and is not brute-forceable by anyone who doesn't know the salt.
A simple solution would be to assign each website its own unique ID, then based on that UID assign a private/secure salt only known to the website + Gravatar. Then when the websites generate hashes, they can append the salt and generate the hash. Simple solution and seemingly easy to implement, though it's probably not. (I suggest this in the event that it really is a big issue. However, I am of the opinion that it's not.)
That would require a bit more infrastructure on Gravatar's part (a UI for registering a site), and would significantly slow its adoption because site owners would have to go register their site before they could generate gravatar URLs. I used Gravatar for my site because it was so easy to implement, and I probably wouldn't have bothered if it was an annoying process like this.
When I first read the article, I thought the same thing. If each site had its own salt key (probably based upon an id), then this problem goes away.
It could get even easier if the domain name captured via the http referrer was used as the salt, then Gravatar.com wouldn't even need a UI to let sites sign up. This might make it a little more difficult for a site operator though, so ideally this would be a configurable option.
- Unomi -
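The two proposals above (a secret per-site salt, and the referrer domain as salt) can be tried out side by side. The following is an added example written for this page, not code from the thread, from Gravatar, or from any of the commenters. It assumes Gravatar's documented normalisation (trim whitespace, lowercase, then MD5), uses HMAC-SHA256 rather than plain concatenation for the keyed variant, and runs a dictionary attack over a small constructed address list. The email addresses, the site secret and the domain name are all made up for the demonstration.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Constructed sample data for the demonstration (not real accounts).
CANDIDATE_EMAILS = [
    "alice@example.com",
    "bob@example.org",
    "carol@example.net",
]
TARGET_EMAIL = "  Bob@Example.org "  # mixed case and whitespace on purpose

# Hypothetical values standing in for the thread's proposals.
SITE_SECRET = b"per-site secret shared only by this site and Gravatar"
REFERRER_DOMAIN = b"blog.example.com"  # public, so known to an attacker too


def normalize(email: str) -> str:
    """Gravatar's documented normalisation: strip surrounding whitespace, lowercase."""
    return email.strip().lower()


def gravatar_hash(email: str) -> str:
    """The classic Gravatar scheme: unkeyed MD5 of the normalised address."""
    return hashlib.md5(normalize(email).encode("utf-8")).hexdigest()


def salted_hash(email: str, salt: bytes) -> str:
    """Keyed variant proposed in the thread. HMAC-SHA256 is used here instead of
    appending the salt to the string so the key is mixed in properly."""
    return hmac.new(salt, normalize(email).encode("utf-8"), hashlib.sha256).hexdigest()


def brute_force(target: str, candidates: Iterable[str],
                hash_fn: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack: the attacker recomputes hash_fn for every candidate
    address and returns the one whose digest matches the published hash."""
    for cand in candidates:
        if hmac.compare_digest(hash_fn(cand), target):
            return normalize(cand)
    return None


def demo_unkeyed() -> Optional[str]:
    """Current scheme: anyone can rebuild the hash, so a dictionary recovers the address."""
    published = gravatar_hash(TARGET_EMAIL)
    return brute_force(published, CANDIDATE_EMAILS, gravatar_hash)


def demo_secret_salt() -> Optional[str]:
    """Secret per-site salt: the attacker does not hold SITE_SECRET and has to guess it."""
    published = salted_hash(TARGET_EMAIL, SITE_SECRET)
    attacker_guess = b"wrong guess at the site secret"
    return brute_force(published, CANDIDATE_EMAILS,
                       lambda e: salted_hash(e, attacker_guess))


def demo_public_salt() -> Optional[str]:
    """Referrer domain as salt: the domain is public, so the attacker simply uses it."""
    published = salted_hash(TARGET_EMAIL, REFERRER_DOMAIN)
    return brute_force(published, CANDIDATE_EMAILS,
                       lambda e: salted_hash(e, REFERRER_DOMAIN))


if __name__ == "__main__":
    print("unkeyed MD5      ->", demo_unkeyed())
    print("secret site salt ->", demo_secret_salt())
    print("referrer salt    ->", demo_public_salt())
```

Running it shows the distinction the two comments are circling: a salt that stays secret between the site and Gravatar defeats the dictionary attack, while a salt derived from something public such as the referring domain only stops the same address from producing the same hash on every site; an attacker who knows the domain recomputes the hashes just as before.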