wultra · romanstrobl · Oct 23, 2024 · Oct 23, 2024
diff --git a/docs/Basic-Definitions.md b/docs/Basic-Definitions.md
@@ -221,7 +221,7 @@ When the user identity is managed by the Next Step application, Next Step provid
 
 ### Next Step -- credential hashing
 
-Next Step application hashes the user credentials using the Argon2 hashing algorithm. The credential verification is performed by comparing the hash of the credential with the stored hash. The hashing algorithm parameters can be changed and in this case the credential hash is recreated with new parameters during the next user authentication and stored in the database.
+Next Step application hashes the user credentials using the Argon2 or Bcrypt hashing algorithms. The credential verification is performed by comparing the hash of the credential with the stored hash. For Argon2, the hashing algorithm parameters can be changed to provide strong hashing. In this case the credential hash is recreated with new parameters during the next user authentication and stored in the database. We recommend to use Argon2 instead of Bcrypt, which was added mainly for compatibility reasons and does not support hashing strength configuration.
 
 ### Next Step -- database record encryption
 

diff --git a/docs/Next-Step-Server-REST-API-Reference.md b/docs/Next-Step-Server-REST-API-Reference.md
@@ -5701,6 +5701,8 @@ The list of expected status codes:
 }
 ```
 
+Possible algorithm names: `ARGON_2D`, `ARGON_2I`, `ARGON_2ID`, `BCRYPT`. For `BCRYPT` empty parameters should be used as this algorithm does not support hashing algorithm parameterization.
+
 #### Response 200
 
 - Headers:
-Original file line number
+Diff line change
@@ Expand Up / @@ -5701,6 +5701,8 @@ The list of expected status codes: @@
     }
     ```
+    Possible algorithm names: `ARGON_2D`, `ARGON_2I`, `ARGON_2ID`, `BCRYPT`. For `BCRYPT` empty parameters should be used as this algorithm does not support hashing algorithm parameterization.
     #### Response 200
     - Headers:
@@ Expand Down @@