The passwd command is a consumer of the userland Cryptographic Framework. Two configuration files, /etc/security/crypt.conf and /etc/security/policy.conf, determine which password hash the system uses.
The passwd command calls the crypt() function by using the PAM modules pam_authtok_store.so.1 and pam_unix_auth.so.1. The crypt() function dynamically loads plugins from the message digest library, libmd(), based on entries in the crypt.conf file. Among the plugins are the SHA256, SHA512, and MD5 password hash algorithms. The policy.conf file lists the password hashes from the crypt.conf file that are in effect on the system. By default, the policy.conf file does not allow the use of the MD5 password hash.