Google as a password cracker (Light Blue Touchpaper)
Posted Nov 17, 2007 13:49 UTC (Sat) by tialaramex (subscriber, #21167)

Parent article: Google as a password cracker (Light Blue Touchpaper)
It would be good to "out" software like this (Wordpress) that doesn't take the rudimentary precaution of using salted hashes. There's far too much of it out there, and with site security being in general pretty poor it's never going to be long before such unsalted password hashes are being distributed on IRC for script kiddies to unravel. In fact the existence and popularity of this type of software encourages script kiddies to try to break into a site to collect more unsecured hashes. If getting a password out was impractical a lot of the fun would be gone and some of them would quit doing it. In effect we have an ongoing Internet public health disaster, with those who do take sensible precautions at risk because of those who either don't care or don't understand. The #1 solution to such a public menace is awareness, which in this case means telling Wordpress users that it has lousy password security. This is also a good reason not to use passwords at all for systems like blog software that are of only modest security value. OpenID or other single sign-on technology moves all the difficult security stuff to a provider that cares as much (or potentially as little) as the user does about their security. Dropping in a good single sign-on system (not rolling your own) means you can forget all further hassle with user identity, password security etc.
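The comment's point is that an unsalted hash is deterministic, so one precomputed table (or, as the parent article describes, a search engine's index) unmasks every account that chose a given password, while a per-user random salt combined with a slow key-derivation function forces separate work per account. The following is an added illustration, not code from the comment, from WordPress, or from the parent article; the comment does not name WordPress's hash algorithm, so SHA-256 stands in here for any fast unsalted hash, and the PBKDF2 iteration count is an assumed work factor rather than anything the page states.

```python
"""Unsalted vs. salted password storage (added example, not from the post)."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware budget.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """Deterministic digest: identical passwords give identical hashes,
    so a single lookup table covers every user of every site using it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus a slow KDF, serialized as
    'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor; constant-time compare."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown hash scheme: " + scheme)
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def exposed_by_table(stored_hashes: List[str], common_passwords: List[str]) -> int:
    """Defender's risk estimate: how many stored *unsalted* hashes fall to one
    precomputed table of common passwords. With salted storage there is no
    single table to apply, so the same check degenerates to zero hits."""
    table: Dict[str, str] = {unsalted_hash(p): p for p in common_passwords}
    return sum(1 for h in stored_hashes if h in table)


def demo() -> Dict[str, int]:
    # Constructed sample user database: three users, two share a weak password.
    users = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery"}
    # Constructed list standing in for a public "most common passwords" list.
    common = ["123456", "password", "letmein", "qwerty"]

    unsalted_db = [unsalted_hash(pw) for pw in users.values()]
    salted_db = [salted_hash(pw, iterations=1_000) for pw in users.values()]

    return {
        "unsalted_hits": exposed_by_table(unsalted_db, common),  # 2: alice and bob
        "salted_hits": exposed_by_table(salted_db, common),      # 0: table is useless
        "distinct_salted_for_same_pw": len({salted_db[0], salted_db[1]}),  # 2
    }


if __name__ == "__main__":
    print(demo())
```

Note that `exposed_by_table` is the kind of audit a site operator can run against their own database to argue for migration; on salted storage the only honest measure is the per-account cost of the KDF, which is exactly what `ITERATIONS` buys.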