symfony · wouterj · Dec 17, 2013 · wouterj · Dec 17, 2013 · xabbuh
diff --git a/book/security.rst b/book/security.rst
@@ -1358,6 +1358,15 @@ the password is simply run through the ``sha1`` algorithm one time and without
 any extra encoding. You can now calculate the hashed password either programmatically
 (e.g. ``hash('sha1', 'ryanpass')``) or via some online tool like `functions-online.com`_
 
+.. caution::
+
+    The above example is not meaned for practical usage, it uses a weak hash
+    algorithm and it is only done to be able to generate the password easily. Using
+    :ref:`BCrypt <reference-security-bcrypt>` is a better option.
+
+.. versionadded:: 2.2
+    The BCrypt encoder was introduced in Symfony 2.2.
+
 If you're creating your users dynamically (and storing them in a database),
 you can use even tougher hashing algorithms and then rely on an actual password
 encoder object to help you encode passwords. For example, suppose your User
@@ -1373,15 +1382,15 @@ configure the encoder for that user:
             # ...
 
             encoders:
-                Acme\UserBundle\Entity\User: sha512
+                Acme\UserBundle\Entity\User: bcrypt
 
     .. code-block:: xml
 
         <!-- app/config/security.xml -->
         <config>
             <!-- ... -->
 
-            <encoder class="Acme\UserBundle\Entity\User" algorithm="sha512" />
+            <encoder class="Acme\UserBundle\Entity\User" algorithm="bcrypt" />
         </config>
 
     .. code-block:: php
@@ -1390,20 +1399,17 @@ configure the encoder for that user:
         $container->loadFromExtension('security', array(
             // ...
             'encoders' => array(
-                'Acme\UserBundle\Entity\User' => 'sha512',
+                'Acme\UserBundle\Entity\User' => 'bcrypt',
             ),
         ));
 
-In this case, you're using the stronger ``sha512`` algorithm. Also, since
-you've simply specified the algorithm (``sha512``) as a string, the system
-will default to hashing your password 5000 times in a row and then encoding
-it as base64. In other words, the password has been greatly obfuscated so
-that the hashed password can't be decoded (i.e. you can't determine the password
-from the hashed password).
+In this case, you're using the strong ``bcrypt`` algorithm. This means that the
+password has been greatly obfuscated so that the hashed password can't be
+decoded (i.e. you can't determine the password from the hashed password).
 
 .. versionadded:: 2.2
     As of Symfony 2.2 you can also use the :ref:`PBKDF2 <reference-security-pbkdf2>`
-    and :ref:`BCrypt <reference-security-bcrypt>` password encoders.
+    password encoder.
 
 Determining the Hashed Password
 ...............................

diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst
@@ -252,9 +252,7 @@ then be checked against your User entity records in the database:
         security:
             encoders:
                 Acme\UserBundle\Entity\User:
-                    algorithm:        sha1
-                    encode_as_base64: false
-                    iterations:       1
+                    algorithm: bcrypt
 
             role_hierarchy:
                 ROLE_ADMIN:       ROLE_USER
@@ -277,9 +275,7 @@ then be checked against your User entity records in the database:
         <!-- app/config/security.xml -->
         <config>
             <encoder class="Acme\UserBundle\Entity\User"
-                algorithm="sha1"
-                encode-as-base64="false"
-                iterations="1"
+                algorithm="bcrypt"
             />
 
             <role id="ROLE_ADMIN">ROLE_USER</role>
@@ -302,9 +298,7 @@ then be checked against your User entity records in the database:
         $container->loadFromExtension('security', array(
             'encoders' => array(
                 'Acme\UserBundle\Entity\User' => array(
-                    'algorithm'         => 'sha1',
-                    'encode_as_base64'  => false,
-                    'iterations'        => 1,
+                    'algorithm' => 'bcrypt',
                 ),
             ),
             'role_hierarchy' => array(
@@ -330,9 +324,9 @@ then be checked against your User entity records in the database:
             ),
         ));
 
-The ``encoders`` section associates the ``sha1`` password encoder to the entity
+The ``encoders`` section associates the ``bcrypt`` password encoder to the entity
 class. This means that Symfony will expect the password that's stored in
-the database to be encoded using this algorithm. For details on how to create
+the database to be encoded using this encoder. For details on how to create
 a new User object with a properly encoded password, see the
 :ref:`book-security-encoding-user-password` section of the security chapter.