Why are md5 passwords hashed differently?

Peter asked:

I’ve been wondering for a while, why does running “echo ‘helloworld’ | openssl passwd -1 -stdin” yield different results every time?If I put any of the hashes in my /etc/shadow I can use them as my password and login to my system, how does it work?

computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$xlm86SKN$vzF1zs3vfjC9zRVI15zFl1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$/0.20NIp$pd4X9xTZ6sF8ExEGqAXb9/
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$sZ65uxPA$pENwlL.5a.RNVZITN/zNJ1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$zBFQ0d3Z$SibkYmuJvbmm8O8cNeGMx1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$PfDyDWER$tWaoTYym8zy38P2ElwoBe/

I would think that because I use this hash to describe to the system what my password should be, I should get the same results every time. Why don’t I?

My answer:


They all have a different salt. A unique salt is chosen each time, as salts should never be reused. Using a unique salt for each password makes them resistant to rainbow table attacks.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.