OpenSSL passwd hash not consistent

Question

I'm trying to hash an inputted password using the OpenSSL passwd command and compare it to the stored hash, but the hash function is not consistent. The hash generated the first time around is not the same hash that is being generated when I go to compare the input. Note the 3 different results each time I perform the hash:

caseys-air:~ Casey$ openssl passwd -1 MySecret
$1$AlHYrEQp$.c7UTqHiReGXfmNtXOY/T0
caseys-air:~ Casey$ openssl passwd -1 MySecret
$1$6BPglDOg$8KHb5e7ZryYPfYP0Zm8Ra/
caseys-air:~ Casey$ openssl passwd -1 MySecret
$1$vmQtjpWw$yIi6sZt.3XAP7W3e7hBG11

What's going on here? Is the system time being used in creating the hash? How can I get consistent hashes?

score 15 · Accepted Answer · answered Nov 17 '13 at 17:33

15

Each time you call that command, it generates a new salt and encrypts with that salt. Format is $1$<salt>$<data> for an MD5.

To generate an equivalent value for comparison, you must tell OpenSSL to use the same salt.

First, split the existing string by $. In your first string, salt is AlHYrEQp.

Then:

openssl passwd -1 -salt AlHYrEQp MySecret

I get:

[me@foo ~]$ openssl passwd -1 -salt AlHYrEQp MySecret
$1$AlHYrEQp$.c7UTqHiReGXfmNtXOY/T0

answered Nov 17 '13 at 17:33

Joe

41,484
20
104
125

Is there a way to output the random salt that was used when you don't use the `-salt` option? – BitWrecker Nov 14 '21 at 22:58
You just split the string. You can see the salt in the output -- $1$$ – Joe Nov 15 '21 at 14:28

OpenSSL passwd hash not consistent

1 Answers1