I've been wondering for a while, why does running "echo 'helloworld' | openssl passwd -1 -stdin" yield different results every time?If I put any of the hashes in my /etc/shadow I can use them as my password and login to my system, how does it work?
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$xlm86SKN$vzF1zs3vfjC9zRVI15zFl1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$/0.20NIp$pd4X9xTZ6sF8ExEGqAXb9/
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$sZ65uxPA$pENwlL.5a.RNVZITN/zNJ1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$zBFQ0d3Z$SibkYmuJvbmm8O8cNeGMx1
computer:/ user$ echo 'helloworld' | openssl passwd -1 -stdin
$1$PfDyDWER$tWaoTYym8zy38P2ElwoBe/
I would think that because I use this hash to describe to the system what my password should be, I should get the same results every time. Why don't I?
They all have a different salt. A unique salt is chosen each time, as salts should never be reused. Using a unique salt for each password makes them resistant to rainbow table attacks.
Indeed if you provide the salt to the command line you always get the same result.