Understanding Linux Password Hashes
Just thought I would comment on something I ran across on your site. All this is just the result of me fooling around in the sources.
On your page, http://hills.ccsf.org/~jharri01/project.html#passwords you
speculated that the first 8 chars of the MD5 hash had special meaning
but didn't know what it was. It's the salt for the MD5 hash. When the
password is hashed using MD5, it requires a salt (which by standard is
almost always completely random/time generated by whatever command
creates the password). I suppose the greatest meaning for the salt is
to stop users with the same password from having the same hash.
So, the complete hash is made up of $1$_SALT_$_MD5_HASH_. The "$1$" is
referred to as the "magic" and in some cases is used to determine if
this is an MD5 hash and not something else (DES) like you said. So, when
somebody wants to use the new version of crypt() to see if a password is
correct by comparing hashes, they still need the original hash salt to
create the new hash.
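
The $1$_SALT_$_MD5_HASH_ layout described in the message above, as an added example (not code from the original message or from the crypt() sources): a Python parser for the stored string plus a from-scratch MD5-crypt routine, showing that a check has to reuse the salt taken from the stored hash. The function names and the sample password and salt are assumptions made up for this illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = "$1$"  # marks the entry as MD5-crypt rather than DES

def parse_md5_crypt(stored):
    """Split '$1$salt$hash' into (salt, hash); reject entries without the magic."""
    if not stored.startswith(MAGIC):
        raise ValueError("no $1$ magic: not an MD5-crypt hash")
    salt, sep, digest = stored[len(MAGIC):].partition("$")
    if not sep or not 0 < len(salt) <= 8 or len(digest) != 22:
        raise ValueError("malformed MD5-crypt hash")
    return salt, digest

def md5_crypt(password, salt):
    """Compute the full '$1$salt$hash' string for a password and salt."""
    pw, s = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    buf = pw + MAGIC.encode() + s + alt * (len(pw) // 16) + alt[:len(pw) % 16]
    n = len(pw)
    while n:  # one byte per bit of the password length
        buf += b"\x00" if n & 1 else pw[:1]
        n >>= 1
    final = hashlib.md5(buf).digest()
    for i in range(1000):  # fixed 1000 rounds of re-hashing
        buf = pw if i & 1 else final
        if i % 3:
            buf += s
        if i % 7:
            buf += pw
        buf += final if i & 1 else pw
        final = hashlib.md5(buf).digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    vals = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in order]
    out = ""
    for v, width in vals + [(final[11], 2)]:
        for _ in range(width):  # 6 bits per output character, low bits first
            out += ITOA64[v & 0x3F]
            v >>= 6
    return MAGIC + s.decode() + "$" + out

def verify(password, stored):
    """Re-hash the candidate with the salt taken from the stored entry."""
    salt, _ = parse_md5_crypt(stored)
    return hmac.compare_digest(md5_crypt(password, salt).encode(), stored.encode())

if __name__ == "__main__":
    stored = md5_crypt("password", "xxxxxxxx")  # constructed sample entry
    print(stored, parse_md5_crypt(stored), verify("password", stored))
```

Hashing the same password with a different salt gives a different string, which is why two users with the same password do not end up with the same entry.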
