How is a password hash encoded in the shadow password file?

In the case of MD5 crypt(), the salt is just a random string of up to 8 characters from [a-zA-Z0-9./].

The salt and password are then hashed together, passed through a strengthening function, then encoded using a variant on Base64:

  • the MD5 state (128 bits) is shuffled up and broken into 6 groups, each containing 3 bytes (the final group includes 2 bytes of zero-padding)
  • each group of 3 bytes is then split into 4 blocks of 6 bits each
  • finally, each 6-bit group is mapped to a character in the range [a-zA-Z0-9./]

If you only want to know how the password is encoded, crypt() uses a special Base64-type of encoding.

Base64 encoding uses the following charset: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

While the crypt() encoding uses this charset: ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz

Also, unlike Base64 there is no "=" padding.

On the other hand, the crypt() implementations of MD5, SHA-X, etc. do more than just generate a random salt, run the hash function and encode it using the former encoding.

I recommend reading these two great posts: "Password hashing with MD5-crypt in relation to MD5" and "Implementation of SHA512-crypt vs MD5-crypt", for a more complete explanation.


The first part of the hash in between the $'s indicates what algorithm is being used.

Check out http://en.wikipedia.org/wiki/Crypt_%28Unix%29 for a list of what the different values mean.
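
The encoding step described in the answers above (the byte shuffle into 3-byte groups, the 6-bit mapping onto the crypt() charset, and the `$id$salt$hash` layout), as an added example that is not taken from any of the answers or from a crypt() implementation's source. The function names, the sample state and the sample salt are constructed for illustration; the strengthening function that produces the 16-byte state is not included.

```python
# Added example: the crypt()-style Base64 step of md5-crypt ($1$) only.
# The strengthening function that produces the 16-byte state is not shown.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shuffle order: (high, middle, low) byte indexes of each 24-bit group.
# The sixth group is byte 11 alone, emitted as 2 characters.
GROUPS = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]

def to64(value, nchars):
    """Map value to nchars characters, least-significant 6 bits first."""
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(nchars))

def from64(chars):
    """Inverse of to64; str.index raises ValueError on a foreign character."""
    return sum(ITOA64.index(ch) << (6 * i) for i, ch in enumerate(chars))

def encode_md5_state(state):
    if len(state) != 16:
        raise ValueError("MD5 state must be 16 bytes")
    out = [to64(state[a] << 16 | state[b] << 8 | state[c], 4) for a, b, c in GROUPS]
    return "".join(out) + to64(state[11], 2)   # 22 characters, no "=" padding

def decode_md5_state(text):
    if len(text) != 22:
        raise ValueError("md5-crypt hash part must be 22 characters")
    state = bytearray(16)
    for i, (a, b, c) in enumerate(GROUPS):
        v = from64(text[4 * i:4 * i + 4])
        state[a], state[b], state[c] = v >> 16, (v >> 8) & 0xFF, v & 0xFF
    last = from64(text[20:])
    if last > 0xFF:
        raise ValueError("padding bits of the final group are not zero")
    state[11] = last
    return bytes(state)

def parse_shadow_hash(field):
    """Split a '$id$salt$hash' field (three-part form only)."""
    parts = field.split("$")
    if len(parts) != 4 or parts[0] != "":
        raise ValueError("not a $id$salt$hash field")
    return parts[1], parts[2], parts[3]

if __name__ == "__main__":
    sample_state = bytes(range(16))            # constructed, not a real hash
    field = "$1$saltsalt$" + encode_md5_state(sample_state)  # constructed
    scheme, salt, encoded = parse_shadow_hash(field)
    print(scheme, salt, encoded, decode_md5_state(encoded).hex())
```

Decoding only recovers the shuffled MD5 state; it does not reverse the hash or reveal the password.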