Any attack on md5($salt.$pass) that prepends ?s should crack this if I understand your algorithm correctly. Essentially you are just prepending "/" to everyone's passwords, then calculating the md5($salt.$pass). If an attacker knows this is the algorithm (they would probably see the pattern after a few results with "/" prepended), they could just prepend the "/" to every string in their dictionary (as long as the password is in their dictionary already as a whole or only needs mangling/appending), or append it to the salt.
I'm not coming up with the same hash as you for this though, your example should end up being md5( VTw10NR/password ) which I calculate to be 75f10ef81001f0f1e1f90008a69bd409, so maybe I'm missing something?
I'm not coming up with the same hash as you for this though, your example should end up being md5( VTw10NR/password ) which I calculate to be 75f10ef81001f0f1e1f90008a69bd409, so maybe I'm missing something?