Make WordPress Core

Opened 2 months ago

Last modified 2 months ago

#60638 new enhancement

Gravatar: Upgrade md5 hashing algorithm to sha256

Reported by: henry.wright
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: General
Keywords: has-patch
Focuses:
Cc:


Gravatar now seems to support the sha256 hashing algorithm.


Functions such as get_avatar_data() use the old md5 hashing algorithm. That's still supported by Gravatar but considering the md5 string can be reversed, privacy may be impacted in cases where a user's email is obtained from the md5 hash.

Change History (3)

This ticket was mentioned in Slack in #core by henrywright. View the logs.

2 months ago

#2 @swissspidy
2 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

This ticket was mentioned in PR #6179 on WordPress/wordpress-develop by @jucaduca.

2 months ago

  • Keywords has-patch added; needs-patch removed

Gravatar is changing the hash algorithm from md5 to sha256.

We currently have support for both, but we know that md5's algorithm is weak.

The function output should change as in the example below:

Final result:



Trac ticket:
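
The following PHP is an added example, not code from this ticket or from the linked PR. It shows the md5 and sha256 forms of a Gravatar hash for one address, and how a stored avatar URL can be classified by hash length and rewritten to sha256 when the email is known. The `example_*` function names and the sample address are hypothetical, and the `https://www.gravatar.com/avatar/` base URL and the trim-then-lowercase normalization are assumptions taken from Gravatar's public URL format.

```php
<?php
// Added illustration; the example_* names are hypothetical, not WordPress core API.

/** Hash an address for Gravatar: trim whitespace, lowercase, then digest. */
function example_gravatar_hash(string $email, string $algo = 'sha256'): string {
    if (!in_array($algo, ['md5', 'sha256'], true)) {
        throw new InvalidArgumentException("unsupported algorithm: $algo");
    }
    return hash($algo, strtolower(trim($email)));
}

/** Classify the hash segment of an avatar URL by its hex length. */
function example_gravatar_hash_type(string $url): ?string {
    $path = parse_url($url, PHP_URL_PATH);
    if (!is_string($path) || !preg_match('~/avatar/([0-9a-f]+)$~i', $path, $m)) {
        return null; // not an avatar URL, or hash segment is not hex
    }
    switch (strlen($m[1])) {
        case 32: return 'md5';    // 128-bit digest
        case 64: return 'sha256'; // 256-bit digest
        default: return null;
    }
}

/** Rewrite a stored md5 avatar URL to sha256 when the email is known. */
function example_upgrade_avatar_url(string $url, string $email): string {
    if (example_gravatar_hash_type($url) !== 'md5') {
        return $url; // already sha256, or not recognised: leave untouched
    }
    $old = example_gravatar_hash($email, 'md5');
    // Only rewrite when the stored hash really belongs to this address.
    if (stripos($url, "/avatar/$old") === false) {
        return $url;
    }
    // Query arguments such as size and default image are preserved.
    return str_ireplace($old, example_gravatar_hash($email), $url);
}

$email  = ' User@Example.COM '; // constructed sample address
$legacy = 'https://www.gravatar.com/avatar/'
        . example_gravatar_hash($email, 'md5') . '?s=96&d=mm';

echo example_gravatar_hash_type($legacy), ': ', $legacy, "\n";
$upgraded = example_upgrade_avatar_url($legacy, $email);
echo example_gravatar_hash_type($upgraded), ': ', $upgraded, "\n";
```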
