Hi Roger,
I compared `/etc/shadow` and `/etc/passwd` across my host and from inside the testable chroot environments; there is no difference. I also checked `/etc/pam.d/common-password`, and it looks like bullseye uses `yescrypt` for hashing while buster uses `sha512`.
It also says in `/etc/pam.d/common-password`:
> if a shadow password hash will be shared between Debian 11 and older releases replace "yescrypt" with "sha512" for compatibility.
My buster chroot already has "sha512" set. I tried to set "yescrypt" there but sudo still complains about the wrong password.
Regards,
Sergey
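
An added example, not part of the original message: a small check that reads the scheme prefix of each hash in a shadow file and compares it with the algorithm option on the `pam_unix.so` line of `common-password`. That option only selects the algorithm for newly set passwords, so an existing hash keeps its stored prefix until the password is changed. The function names are hypothetical and the sample shadow and PAM lines are constructed.

```python
# crypt(3) hash prefixes as stored in the second field of /etc/shadow.
PREFIXES = [("$y$", "yescrypt"), ("$gy$", "gost_yescrypt"), ("$7$", "scrypt"),
            ("$6$", "sha512"), ("$5$", "sha256"), ("$2", "blowfish"), ("$1$", "md5")]
# pam_unix options that select the algorithm for newly set passwords.
PAM_HASH_OPTS = {"yescrypt", "gost_yescrypt", "sha512", "sha256", "blowfish", "md5", "bigcrypt"}

def hash_scheme(field):
    """Name the scheme of one shadow password field."""
    body = field.lstrip("!")          # a leading "!" marks a locked password
    if body in ("", "*"):
        return "no-hash"              # empty, locked or disabled: nothing to verify
    for prefix, name in PREFIXES:
        if body.startswith(prefix):
            return name
    return "unknown"                  # traditional DES or an unrecognised format

def shadow_schemes(text):
    """Map user name -> hash scheme for every entry in shadow-format text."""
    out = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            out[parts[0]] = hash_scheme(parts[1])
    return out

def pam_unix_hash(text):
    """Return the hash option on the 'password ... pam_unix.so' line, or None."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "password":
            continue                  # skips comments and other module types
        if any(t.endswith("pam_unix.so") for t in tokens):
            return next((t for t in tokens if t in PAM_HASH_OPTS), None)
    return None

def differs_from_config(shadow_text, pam_text):
    """Users whose stored hash scheme is not the one PAM is configured to write."""
    configured = pam_unix_hash(pam_text)
    return sorted(u for u, s in shadow_schemes(shadow_text).items()
                  if s not in ("no-hash", configured))

# Constructed sample data (placeholder salts and hashes, not real credentials).
SAMPLE_SHADOW = """alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::"""
SAMPLE_PAM = """# replace "yescrypt" with "sha512" for compatibility
password\t[success=1 default=ignore]\tpam_unix.so obscure sha512"""

if __name__ == "__main__":
    print(shadow_schemes(SAMPLE_SHADOW), differs_from_config(SAMPLE_SHADOW, SAMPLE_PAM))
```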