Take a look at the passwordHash function. You will see that it uses different algorithms depending on the setting for the strong_hash option. So the two installs may have different settings for this. The debug log would show this value.
I might also note that the actual value of this may be different by user, so your code would probably have to check each version (currently 0, 1, and 2) to be robust.
This is the code we use to check a logon:
foreach(Zenphoto_Authority::$hashList as $hash=>$hi) {
$auth = Zenphoto_Authority::passwordHash($post_user, $post_pass, $hi);
$success = ($auth == $check_auth) && $post_user == $check_user;
if (DEBUG_LOGIN) debugLog("zp_handle_password($success): \$post_user=$post_user; \$post_pass=$post_pass; \$check_auth=$check_auth; \$auth=$auth; \$hash=$hash;");
if ($success) {
break;
}
}