diff --git a/CHANGES b/CHANGES
index 56a3c0971..5b02c3958 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
   *) Change PKCS12_key_gen_asc() so it can cope with non null
      terminated strings whose length is passed in the passlen
      parameter, for example from PEM callbacks. This was done
diff --git a/apps/passwd.c b/apps/passwd.c
index 6851a9927..533b4692d 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -315,7 +315,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 6;
+	salt_out = out_buf + 2 + strlen(magic);
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);