We recently had a discussion on what password encryption is used on the forum.

I believe it was pointed out that it's stored as an MD5 hash, and ultimately this is crackable for short passwords using brute force.

However, VBulletin uses a double hash and a salt. IF you have the salt (it looks like I could get it from the DB) it's still extremely unlikely someone could undo the hashes without a bunch of computing power. I certainly wouldn't know how anyway. Despite rumours to the contrary!


VBulletin support confirm this here:
https://www.vbulletin.com/forum/show...rds-protection


The best course of action even if you don't think this is safe enough? Simply have a password per website. Then, even if someone hacks you on one site, you're safe on the other zillion you visit.

AND use a very good, long password. E.g. consider using http://strongpasswordgenerator.com/



Cheers,

Deano.
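
An added illustration of the "double hash and a salt" scheme described above; it is not part of the original post and not vBulletin's own code. It assumes the layout `md5(md5(password) + salt)` with hex-encoded digests, and the salts, passwords and guess rate are constructed values.

```python
import hashlib
import hmac

def vb_style_hash(password: str, salt: str) -> str:
    """Assumed layout: md5(md5(password) + salt), hex digest at each step."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()

def verify(password: str, salt: str, stored: str) -> bool:
    """Check a login attempt against the stored hash in constant time."""
    return hmac.compare_digest(vb_style_hash(password, salt), stored)

def years_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of exactly `length` characters."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)

# Constructed figure for illustration only; MD5 is a fast hash, so real
# rates depend entirely on the hardware involved.
ASSUMED_GUESSES_PER_SECOND = 1e10

def demo() -> dict:
    # Two constructed users who picked the same password but have different salts.
    alice = vb_style_hash("correct horse", "aB3")
    bob = vb_style_hash("correct horse", "x9Q")
    return {
        # The salt makes the stored values differ, so one precomputed table
        # cannot cover both accounts.
        "same_password_same_hash": alice == bob,
        "alice_login_ok": verify("correct horse", "aB3", alice),
        "wrong_password_ok": verify("correct horsf", "aB3", alice),
        # The salt does not slow down guessing; only password length does.
        "years_6_lowercase": years_to_exhaust(6, 26, ASSUMED_GUESSES_PER_SECOND),
        "years_16_mixed": years_to_exhaust(16, 62, ASSUMED_GUESSES_PER_SECOND),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt stops one leaked hash from revealing every account that shares a password, while the length of the password decides how long an exhaustive search takes.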