Comment 2 for bug 1057832

Another option would be to keep the SHA256 hashes but to remove arbitrary default URLs from them.

So you could choose to use a SHA256 with any of the built-in "special values" but not redirect to an arbitrary image. Arbitary redirections would only be available through Gravatar with an MD5 hash.