[studer]

Given your statement on MD5 collisions, it's not entirely clear to me who's the script kiddie here.

[to]

how many users do they want to store in their db with a unique md5 string? its just a really bad bet. thats a script kiddie for me, assuming that a hash never collides within a database and than chosing md5. there are better, even very simple, ways to store hashes without forcing collisions.

[ErrantX]

There are an awful lot of md5 digests - so, even with an insane number of users it is highly unlikely they would have a collision. Hell; at work we generate insane numbers of hashes and it took us quite a while, and a large dataset to find a collision :-)

[gfodor]

Nevermind the fact that if the gods did cause such a collision to occur it wouldn't exactly be the end of the world. (And the accessibility of md5 more than makes up for this consequence.)

[to]

but why md5 when there are better alternatives? not to speak about the issues with OP

[philfreo]

because it's very simple for anyone to build an app that uses Gravatar since md5 is probably the most well-known hashing function.