It depends on the hash algorithm used.
I know that Xenforo (The software i use) uses SHA256 which is considered safe. I would presume that vBulliten 4 uses the same.
SHA1 is considered depreciated
MD5 is a no go for new software
This code posted in this old post uses MD5:
http://www.vbulletin.com/forum/foru...vbulletin-using-for-user-passwords-protection
Code:
[COLOR=#000000][COLOR=#0000BB]$sql [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#DD0000]"SELECT username FROM vb_user
WHERE username = '[/COLOR][COLOR=#007700]{[/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'fusername'[/COLOR][COLOR=#007700]]}[/COLOR][COLOR=#DD0000]'
AND password = [U][B]md5[/B][/U]( concat( md5('[/COLOR][COLOR=#007700]{[/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'fpassword'[/COLOR][COLOR=#007700]]}[/COLOR][COLOR=#DD0000]'), salt));"[/COLOR][COLOR=#007700]; [/COLOR][/COLOR]
I also just had a quick look at their register.php and their function_digest.php, functions_login.php file from version 4.1.4 and it seems like MD5 there as well.
Code:
function verify_authentication($username, $password, $md5password, $md5password_utf, $cookieuser, $send_cookies)
So if they are using MD5 then I'd say anyone with a password there should consider it compromised. If the password is nice and long then you might be OK, but i wouldn't put my chances down to luck.
The chance is high of cracking short password (12ish and below characters) due to rainbow tables which are freely available on the net as well as the multitude of websites offering free MD5 cracking facilities.
edit-again:
A quick check of version 4.2 reveals MD5 as well. Unless I'm missing something or looking at the wrong php files. But MD5 is everywhere.
Facebook
Twitter