How do I generate an encrypted password string, as it is in /etc/shadow?

Question

I'm trying to mimic the creation of password strings as they appear in /etc/shadow.

This is what I've got so far, but the encrypted passwords don't match, when I use the same password and the same salt.

5000 rounds is standard for crypt, so I used that as well, but I don't see where exacly I made a mistake:

I'm doing this in Perl, this is the relevant porion:

($pass, $salt) = @ARGV;

unless(defined($salt)) {
    $salt = MIME::Base64::encode(random_bytes(12), '');
}

for $i (1 .. 4999) {
    $pass = Digest::SHA::sha512($salt, $pass);
}

say "";

print '$6$', $salt, '$', Digest::SHA::sha512_base64($salt, $pass), "\$\n";

Answer 1

The crypt algorithm involves a lot more than just re-hashing 5,000 times:

• Unix crypt using SHA-256 and SHA-512

Answer 2

perl -e 'print crypt("qwerty", "\$6\$somesalt\$")'