I had created two users on Linux with the same exact passwords, but when I looked at the /etc/shadow
file, I found that the hashed values look different, although the salt file is the same. (Please see below, j9T
is the salt). Why are the hashed passwords NOT similar, although the salt and password are similar?
```
# tail /etc/shadow
Bob:$y$j9T$ewJ0HB756BZDnPjx7zzbm0$i39AKrfuQuvvoQJpujwWd7Z4bcZgN1l0IWeJsNmLzg7:19254:0:99999:7:::
Bob:$y$j9T$pFF5c93UZvdFYD2nanxEO.$SMhaxtPUPEUZdZZx.b1tGmjXgM67nqBJgMk2sNP.5s4:19254:0:99999:7:::
```
Best Answer
The second field (`j9T`) is not the salt, it's the `param` (hash complexity parameter). You could read more information about the format of the hash here and here.

Your salt is actually the third field, and you can see it's different.

The actual hash is the fourth field.
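
The field layout described in the answer, as an added example that is not part of the original post: a small parser that splits a `$y$` password field into scheme, param, salt and hash, then reports which fields two entries share. The function and class names are hypothetical; the two sample lines are the ones posted in the question, without the emphasis markers around `j9T`.

```python
from typing import NamedTuple


class YescryptEntry(NamedTuple):
    user: str
    scheme: str   # "y" identifies yescrypt
    param: str    # hash complexity parameter (what the question took for the salt)
    salt: str     # per-password random salt
    digest: str   # the actual hash


def parse_yescrypt_shadow(line: str) -> YescryptEntry:
    """Split one /etc/shadow line whose password field is $y$param$salt$hash."""
    user, pw_field = line.split(":")[:2]
    parts = pw_field.split("$")
    # The leading "$" yields an empty first element: ["", "y", param, salt, hash]
    if len(parts) != 5 or parts[0] != "" or parts[1] != "y":
        # Locked accounts ("!", "*") and other schemes end up here.
        raise ValueError(f"not a yescrypt ($y$) password field for {user!r}")
    return YescryptEntry(user, *parts[1:])


def shared_fields(a: YescryptEntry, b: YescryptEntry) -> dict:
    """Report, per field, whether two entries carry the same value."""
    return {name: getattr(a, name) == getattr(b, name)
            for name in ("param", "salt", "digest")}


# Sample input: the two lines from the question.
SHADOW_LINES = [
    "Bob:$y$j9T$ewJ0HB756BZDnPjx7zzbm0$i39AKrfuQuvvoQJpujwWd7Z4bcZgN1l0IWeJsNmLzg7:19254:0:99999:7:::",
    "Bob:$y$j9T$pFF5c93UZvdFYD2nanxEO.$SMhaxtPUPEUZdZZx.b1tGmjXgM67nqBJgMk2sNP.5s4:19254:0:99999:7:::",
]

if __name__ == "__main__":
    first, second = (parse_yescrypt_shadow(l) for l in SHADOW_LINES)
    for entry in (first, second):
        print(f"param={entry.param}  salt={entry.salt}  hash={entry.digest}")
    print(shared_fields(first, second))
```

Only `param` matches between the two entries; the salts differ, so the hashes differ even though the passwords are the same.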