How Secure Is My Password?

For security purposes I want to use a different password on every service I log into. How secure is it to use a master password to generate all the sub-passwords by SHA-1?

  • My master password is long, complex, not written anywhere, and not stored on any electronic services, hashed or unhashed, except in temporary RAM for the code below. My scheme is to generate the sub-passwords by base64(sha1(masterpassword+"/"+servicename)). For example, base64(sha1(masterpassword+"/http://facebook.com")) or base64(sha1(masterpassword+"/")). I have been doing this for a while and want to confirm there is no obvious hole in this strategy. My main concern is preventing inept coders, hackers, or bugs which succeed in recovering my plaintext password on one service from leading to being able to access my accounts on other services, so I want to use different passwords on each service, but I can't remember that many passwords.

  • Answer:

    Although it’s probably only a theoretical concern for this particular use case, the hash(key + message) construction is in general susceptible to a length extension attack (http://en.wikipedia.org/wiki/Length_extension_attack). Basically, given hash(key + message), an attacker may be able to compute hash(key + message + extra) for certain strings extra without any knowledge of the key. Best practice for avoiding this attack is to use the HMAC construction (http://en.wikipedia.org/wiki/HMAC) instead of using a hash function directly. Note, though, that scrypt (http://en.wikipedia.org/wiki/Scrypt), or a similar function like bcrypt (http://en.wikipedia.org/wiki/Bcrypt), PBKDF2 (http://en.wikipedia.org/wiki/PBKDF2), or now Argon2 (https://en.wikipedia.org/wiki/Argon2), has even better properties for the password case, such as resistance to brute-force searches.

Anders Kaseorg at Quora

Other answers

This is basically a good method, so long as you can get sites to accept your encoded passwords. If you want to make it slightly more secure, you can use a slow function such as scrypt in place of SHA1.  This would make a brute-force attack against your master password that much more expensive.  If your master password is really strong, though, this is unnecessary. Edit: Anders Kaseorg is correct about length extension; somehow that slipped my mind.  SHA1(key+message) isn't a PRF, nor is SHA2(key+message), though there's probably not an attack here.  This isn't an issue with scrypt or SHA3.

Michael Hamburg

[Disclosure: I work for AgileBits, the makers of 1Password] Suppose that some site you use stores passwords in plaintext and the password gets leaked. This is very possible. It happens all the time. So now that attacker has your hash, and she also knows what site it is from. So she then just needs to resort to normal, everyday hash cracking with something like John the Ripper or hashcat to "guess" your master password. While I don't know of cases where this has been done specifically against your scheme, it is technically little different than what hash crackers do all of the time. If that is successful then she will have the keys to the kingdom. There are a couple of things that you can do to offer a bit more resistance. You can make your master password very strong. You can also, as Michael Hamburg suggested, use a "slow" Key Derivation Function such as PBKDF2, scrypt, or bcrypt instead of SHA1. This will also take care of the issue that Anders Kaseorg raised. And Anders' concern is a real issue. Suppose you have a password for "http://site.coxample.co" which gets exposed. That could (under the right circumstances) be extended to "example.com" or "example.co.uk". [Update: As Anders has reminded me, SHA1 padding will make such extension attacks impractical.] I may be biased by my interests here (see disclosure above), but I feel that you are best off with passwords that are completely independent of each other.

Jeffrey Goldberg
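
Added example, not part of any answer on this page and not the questioner's code: the question's SHA-1 derivation next to the HMAC and scrypt alternatives the answers above recommend, with a rough measurement of what one guess at the master password costs under each. The master password, the scrypt parameters, the output lengths and all function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample input; never hard-code a real master password.
MASTER = "constructed-example-master-password"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def derive_sha1(master: str, service: str) -> str:
    """The question's scheme: base64(sha1(master + "/" + service))."""
    return _b64(hashlib.sha1(f"{master}/{service}".encode()).digest())


def derive_hmac(master: str, service: str) -> str:
    """HMAC-SHA256 keyed with the master password.

    Not length-extendable, but still a single fast hash per guess.
    """
    return _b64(hmac.new(master.encode(), service.encode(), hashlib.sha256).digest())


def derive_scrypt(master: str, service: str) -> str:
    """scrypt with the service name as salt (assumed n=2**14, r=8, p=1).

    Each evaluation needs about 16 MiB of memory, so every guess at the
    master password costs far more than one SHA-1 call.
    """
    key = hashlib.scrypt(master.encode(), salt=service.encode(),
                         n=2**14, r=8, p=1, maxmem=64 * 2**20, dklen=24)
    return _b64(key)


def seconds_per_guess(derive, rounds: int = 3) -> float:
    """Average time to test one candidate master password with `derive`."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"candidate-{i}", "http://facebook.com")
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    for fn in (derive_sha1, derive_hmac, derive_scrypt):
        print(f"{fn.__name__:14} {fn(MASTER, 'http://facebook.com')} "
              f"{seconds_per_guess(fn):.6f} s/guess")
```

The per-guess figure is the quantity that matters once a site leaks one derived password in plaintext: it is the price of each candidate master password an offline cracker tries.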

This is an extremely effective method. It's also one of the foundations of the budding SQRL authentication standard that's rapidly gaining traction (https://www.grc.com/sqrl/sqrl.htm). So, by extrapolation, this method has been recently well scrutinized and approved by many of the world's crypto heavyweights. (I just don't recall right off the top of my head whether it's SHA1, but obviously that would only represent a trivial adjustment to your process should you desire to more closely match that portion of the SQRL standard.)

Andy Harrison

There are two glaring problems with this approach (if I understand it correctly - that you generate the md5 hash of a string "mysimplestring" and use that hash as your password) that spring immediately to my mind: 1) Not all implementations of md5sum generate the same hash for the same source string.  A given implementation will always generate the same hash for the same source string, but I have encountered md5sum applications that give different hashes from other md5sum applications. (This means that if your md5sum application stops working/becomes unavailable, you can no longer recover your passwords.) 2) While it's a functional method to generate pseudo-random character strings, using a password manager (such as https://agilebits.com/onepassword, http://keepass.com/, or http://passwordsafe.sourceforge.net/) to create and securely store them seems a much more rational approach - use a tool designed to generate random passwords to generate random passwords.  ("Yes, you could use that crescent wrench to pound that nail into the wall, but wouldn't a hammer be a better tool to use?") Also, in this vein, md5sum hashes never contain special characters, which some sites require be present in the password (which means that you couldn't recover the password for one of those sites using only md5sum, anyway).

Steven Cook
