From dca6cf4a5aee042b33929f9fc1e9a50562d34191 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Wed, 17 Feb 2021 09:52:54 +0100 Subject: [PATCH] [Security] bcrypt is the new default hasher for native/auto --- best_practices.rst | 2 +- security.rst | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/best_practices.rst b/best_practices.rst index 5f137d492c1..be3486e355b 100644 --- a/best_practices.rst +++ b/best_practices.rst @@ -368,7 +368,7 @@ Use the ``auto`` Password Hasher The :ref:`auto password hasher ` automatically selects the best possible encoder/hasher depending on your PHP installation. -Currently, it tries to use ``sodium`` by default and falls back to ``bcrypt``. +Starting from Symfony 5.3, the default auto hasher is ``bcrypt``. Use Voters to Implement Fine-grained Security Restrictions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/security.rst b/security.rst index 3b9341a07d6..c91db7be29a 100644 --- a/security.rst +++ b/security.rst @@ -219,9 +219,8 @@ command will pre-configure this for you: encoders: # use your user class name here App\Entity\User: - # Use native password encoder - # This value auto-selects the best possible hashing algorithm - # (i.e. Sodium when available). + # Use native password encoder, which auto-selects the best + # possible hashing algorithm (starting from Symfony 5.3 this is "bcrypt") algorithm: auto .. code-block:: xml
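Review bot: In the best_practices.rst hunk, the added line "Starting from Symfony 5.3, the default auto hasher is ``bcrypt``." now contradicts the unchanged sentence just above it, which still says the auto hasher "automatically selects the best possible encoder/hasher depending on your PHP installation". If the choice is fixed to bcrypt from 5.3 on, that sentence should be reworded so it no longer implies the result varies with the PHP installation. The removed line was also the only mention of ``sodium`` in this paragraph, so consider adding a sentence telling readers who relied on the sodium default whether they need to configure it explicitly. The surrounding text says "encoder/hasher" while the section heading says "Password Hasher"; picking one term here would help.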
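Review bot: In the security.rst hunk, the rewritten comment still opens with "Use native password encoder" although the setting below it is ``algorithm: auto`` and the commit subject treats native and auto as two separate things ("native/auto"). The comment should name the ``auto`` algorithm so that it matches the value it documents. The phrase "auto-selects the best possible hashing algorithm (starting from Symfony 5.3 this is "bcrypt")" also reads as a claim that bcrypt is the best available algorithm rather than the new default; something like "selects the default hashing algorithm, which is bcrypt starting from Symfony 5.3" would be more accurate to what the patch changes. The comment keeps "encoder" while best_practices.rst in the same patch says "hasher", so the terminology should be aligned across both files.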