Linux – Why Hashed Passwords Differ Despite Same Salt and Password

On Ubuntu/Debian mkpasswd is part of the package whois and implemented in mkpasswd.c which as actually just a sophisticated wrapper around the crypt() function in glibc declared in unistd.h. crypt() takes two arguments password and salt. Password is "test" in this case, salt is prepended by "$6$" for the SHA-512 hash (see SHA-crypt) so "$6$Zem197T4" is passed to crypt().

Maybe you noticed the -R option of mkpasswd which determines the number of rounds. In the document you'll find a default of 5000 rounds. This is the first hint why the result would never be equal to the simple concatenation of salt and password, it's not hashed only once. Actually if you pass -R 5000 you get the same result. In this case "$6$rounds=5000$Zem197T4" is passed to crypt() and the implementation in glibc (which is the libc of Debian/Ubuntu) extracts the method and number of rounds from this.

What happens inside crypt() is more complicated than just computing a single hash and the result is base64 encoded in the end. That's why the result you showed contains all kinds of characters after the last '$' and not only [0-9a-f] as in the typical hex string of a SHA-512 hash. The algorithm is described in detail in the already mentioned SHA-Crypt document.

Setting a password with passwd or chpasswd generates a random salt, so users who happen to have the same password would not have identical hashes. In order to have identical hashes this way, you'd have to have a misconfigured system that somehow doesn't save entropy between reboots, and systems that are so completely identical as to repeat the random seed (that can happen with VMs, especially when resuming from snapshots), and for all the passwords to be generated after reading exactly the same number of bytes from /dev/urandom. This is highly unlikely.

Thus, if you see identical hashes, it means that the hashes were copied. The passwords were deliberately made the same, rather than by coincidentally setting the same password multiple times. Either the administrator directly edited the password database and copying the hashes, or they used something like chpasswd -e to supply hashes.

The only bad consequence of repeating a password hash is that it makes it apparent that the accounts have the same password. With distinct salts, as is normally the case, it would be impossible to tell that two accounts have the same password except by guessing the password.