Adding Gravatars wth Perl

This morning I I added Gravatars to the comments here. If you don't have a Gravatar, you can go create one at the Gravatar site.

This is fairly simple to do - it's just a matter of doing an MD5 hash on the email supplied in the comment form.

Your email is never displayed but it might someday be possible to reverse engineer it from the hash (see Wikipedia MD5). If that concerns you, either do not use Gravatars or use an email that doesn't matter for this.

The Gravatar site has more explanation in its FAQ

MD5 is plenty good for obfuscating the email address of users across the wire. if you're thinking of rainbow tables, those are all geared at passwords (which are generally shorter, and less globally different from one another) and not email addresses, furthermore they are geared at generating anything that matches the hash, NOT the original data being hashed. If you are thinking about being able to reproduce a collision, you still dont necessarily get the actual email address being hashed from the data generated to create the collision. In either case the work required to both construct and operate such a monstrocity would be prohibitively costly. If we left your password laying around in the open as a plain md5 hash someone might be able to find some data (not necessarily your password) which they could use to log in as you... Leaving your email address out as an md5 hash, however, is not going to cause a violent upsurge in the number of fake rolex watch emails that you get. Lets face it there are far more lucrative, easier, ways of getting email address. I hope this helps ease your mind.

Simple command line code to do this is:

 #!/usr/bin/perl
 use Digest::MD5  qw(md5_hex);
 $data=<>;
 chomp $data;
 $digest = md5_hex($data);
 print " $data = http://www.gravatar.com/avatar.php?gravatar_id=$digest\n";
 

Obviously squeezing that into my comments code took a little more work, but I think it is all set now. Older comments won't show gravatars - only comments you add now that include an email address.