You know that's actually a lot (a very large lot) better than having the same password for multiple sites (like for example the common three password security levels strategy).
A bruteforcer might find a hash collision, but it's not likely to find the entire string {password}ubuntuforums.org unless it is actively looking for that string.
Granted of course that all websites you do this on store their passwords securely... if not then you are right, it is a terrible idea :P
That would have been standard 10 years ago, but these days, it's not very effective and, unfortunately, it's still a very common scheme. You're better off with:
There are sites you can just go to and they'll crack the passwords for you in no time at all.
Edit: aware of rainbow tables and salts and how hashes work etc etc. They are easy to crack if on password lists which they mostly are these days if you have a shit password which is 90%+ of us. Not only that, the $salt on a good chunk of vbulletin sites from vb2 days is not a strong salt.
With respect to the feasibility, it's really easy to do an md5 and you don't just do the whole list, you pick interesting email addresses and start there.
The purpose of the salt is to invalidate rainbow tables. With salt, the only way to reverse is to compute all combinations. With advances in GPU, it has become easier for some hash functions, but it isn't easy to reverse by any measure.
What are these sites which will crack the passwords in no time? Try reversing this:
oclhashcat-plus [1] claims to perform 6.9 billion MD5 hashes per second on an AMD hd6990 ($900 from Amazon).
Assuming the password is eight lower case letters, you can try them all in (26^8)/(6.9 billion) = 30 seconds.
Even if the password is eight alphanumeric digits, you can try them all in ((26+26+10)^8)/(6.9 billion) = 8.7 hours.
Now admittedly, many users will have more than 8 characters in their passwords, and 8 hours to crack a single account isn't that bad, I mean it could be a lot worse, and it's only a forum so not exactly critical infrastructure. However, by the standards of security systems (where we're used to hearing that brute force attacks will take longer than the age of the universe) MD5 is pretty weak.
no, it's not easy to reverse. though if the password was a common one or occurs in a dictionary, it is easier to reverse. and no, they cannot be cracked in 'no time'.
If by "no time", you mean minutes or hours on a typical laptop - hashcat will rip through vbulletin hashes almost as fast as it goes through plain MD5.
A journalist[1] got 45% of a list of 17,000 MD5 hashed passwords on his MacBook Air (just CPU hashing no GPU) - in 90 seconds. It's entirely justifiable to expect vbulletin hashes to fall no slower than twice that time.
Even using random passwords - which means "non-dictionary words (including guessable letter/symbol substitution and leading/trailing digits)" - you still need to be aware of the abilities of modern password cracking tools.
Hashcat with a modern gaming video card can do almost 7 billion MD5 hashes per second, which'll search the entire 7char password space in something like 90- seconds - or the entire 9char password space in under 9 days. 11 characters gets you up to a _probably_ acceptable 194 years - against a single GPU attacker, the hashcat code will run on 128 GPUs at once, which drops that to only ~18 months against a well funded attacker (probably "criminal enterprise" level well funded, well short of "nation state" level).
With the Apple password breach - you'd be foolish to not assume criminals could muster hundreds of GPUs to crack passwords that'd give them working iTunes accounts (you give me a couple of tens of thousands of active credit card linked iTunes accounts, and I could think of many ways to turn that into many hundreds of thousands of dollars of revenue for some unscrupulous app developer.) I'm hoping Apple's passwords were more securely hashed than salted MD5, but if you were using a less than 10 char password, I'd be changing it immediately. Even less than 12 chars might not be safe in a 12 month timeframe...
But you aren't going to remember 11char random passwords anyway, so use a tool (1Password/Lastpass/Keypass/etc) and then there's no point _not_ using 16 or 20 or 25char or longer passwords.
Anything less than 9 random chars pretty much _can_ be cracked "in no time" - any valuable passwords less than 12 chars should be considered "weak".
Or it's less than 8chars against an attacker with a single laptop, or 10 chars against an attacker with a modern GPU, or 12 chars against a criminal gang with access to a few hundred GPUs, and I suspect you want at least 15 or 16 chars to feel reasonably future-proof against a nation-state level attacker, and I'm guessing 20chars is enough to ensure the NSA gets out the $5 wrench instead of powering up the supercluster to crack your password.
Hashcat is _fast_. It's unlikely the NSA is many orders of magnitude faster though. I'm happy enough with my 25 random char passwords generated and stored in 1Password.
As I said when I previously commented, I find it pretty ironic that these kinds of breaches could have been avoided by simply creating a whitelist for their admin panel. This isn't rocket science. The majority of breaches of this size that keep occurring are password reuse, or open admin panels (bruteforce attacks). Who needs a vulnerability when an attacker can simply look up the Administrators on databases they already have?
Usually it is the password itself that is attacked, not the hashing algorithm. Many people use weak passwords and it is not that hard to use dictionary attacks against them.
Dictionary attacks against salted passwords hashed with something like bcrypt take way more time, weak password or not (and yet a weak password is by definition weak)
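The two defences discussed in this thread, a per-user salt and a deliberately slow hash, shown as an added example that is not from any commenter. bcrypt is not in Python's standard library, so PBKDF2-HMAC-SHA256 stands in for it; the work factor of 200,000 and the record format are assumptions, and the search-time estimate reuses the 6.9 billion MD5/s figure quoted above.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$hash' with a fresh random per-user salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


def exhaustive_search_seconds(alphabet: int, length: int,
                              md5_rate: float, work_factor: int = 1) -> float:
    """Time to try every password of exactly `length` characters.
    Simplifying assumption: one guess costs `work_factor` times one MD5."""
    return alphabet ** length * work_factor / md5_rate


if __name__ == "__main__":
    a = hash_password("correct horse")  # constructed sample password
    b = hash_password("correct horse")
    # Same password, different salts: the records differ, so a precomputed
    # table built for one record is useless against the other.
    print(a != b, verify_password("correct horse", a))
    rate = 6.9e9  # MD5 guesses per second, the figure quoted in the thread
    for label, wf in (("plain MD5", 1), ("work factor 200000", ITERATIONS)):
        secs = exhaustive_search_seconds(26, 8, rate, wf)
        print(f"8 lowercase letters, {label}: {secs / 3600:.2f} hours")
```

The salt only stops precomputation and cross-user matching; it is the work factor that raises the cost of each dictionary guess.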
MD5 is so fast on GPUs, you can do some pretty ridiculous dictionary attacks in a matter of minutes (like trying every combination of words that has ever been written in a book or posted online - using google's n-gram corpus for example). Then you have plenty of time to try letter substitutions (3 for e), combinations such as word + number + word, etc.
This doesn't apply of course, if your password is a long string of random characters.
I switched to using a few registration-specific emails after getting my own domain: spambox@example.com for really dodgy sites or sites I suspect will generate a bunch of crap periodical emails, and register@example.com for the sites I have a little more faith in.
It allows for much easier filtering of my email as well: I only get the emails I care for in my inbox.
I use somename+sitename@example.com, since I don't use catch all and don't want to create a new e-mail for each registration. Most e-mail providers will ignore the +sitename part and send it to your inbox.