Question 1

What is the $6$ format?

Accepted Answer

$6$ is the prefix for SHA-512 crypt — the default password hashing algorithm in /etc/shadow on most modern Linux distributions (since glibc 2.7, 2007). The full format is `$6$rounds=$$` where rounds is optional (default 5000), salt is up to 16 chars, hash is 86 chars of custom base64. Other crypt prefixes: $1$ = MD5 crypt (FreeBSD-style), $5$ = SHA-256 crypt, $y$ = yescrypt (default on Fedora 35+/Ubuntu 24.04+/RHEL 9+), $7$ = scrypt.

Question 2

How do I update /etc/shadow with this hash?

Accepted Answer

Three options. (1) `usermod -p '$6$rounds=5000$salt$hash' username` — passes the hash directly, no plaintext exposure. Note: in bash, the dollar signs need careful escaping. (2) Edit /etc/shadow directly with vipw -s (only as root, in single-user mode is safest). (3) `chpasswd -e` for encrypted password input: `echo 'username:$6$...' | chpasswd -e`. After updating, the user can immediately log in with the plaintext password — Linux re-hashes the typed password using the salt from /etc/shadow and compares.

Question 3

Why use 5000 rounds — is that enough?

Accepted Answer

5000 rounds takes ~3ms on modern CPU hardware — fast enough to feel instant on login but ~5000× harder to brute-force than unsalted SHA-512. For higher security, set SHA_CRYPT_DEFAULT_ROUNDS in /etc/login.defs to 100000 or higher (~60ms per login). The shadow-utils package on Debian/Ubuntu supports values up to 999,999,999. New installations on RHEL 9+ and Ubuntu 24.04+ default to yescrypt instead, which is memory-hard and stronger than $6$ even at the same compute cost.

Question 4

Will this work on macOS?

Accepted Answer

Yes for password verification on Linux servers via SSH, but macOS itself doesn't use /etc/shadow — Mac stores passwords in encrypted plists and uses PBKDF2-SHA512 via opendirectoryd. The hash from this tool can't be pasted into a Mac account directly. For Mac password resets via single-user mode, use `dscl . -passwd /Users/username newpassword` instead.

Linux Shadow Hash Generator

Frequently Asked Questions