| author | Mattias Andrée <m@maandree.se> | 2026-05-14 15:55:33 +0200 |
|---|---|---|
| committer | Mattias Andrée <m@maandree.se> | 2026-05-14 15:55:33 +0200 |
| commit | 4e6f25806e3c9fa4753ce959ef990167796acd32 (patch) | |
| tree | e641de9953f5b58afc1f36efe9c42a0d20254cd2 /README | |
| parent | Fix libtest and add file descriptor leak detection (diff) | |
| download | librecrypt-4e6f25806e3c9fa4753ce959ef990167796acd32.tar.gz librecrypt-4e6f25806e3c9fa4753ce959ef990167796acd32.tar.bz2 librecrypt-4e6f25806e3c9fa4753ce959ef990167796acd32.tar.xz | |
Tests and fixes
Signed-off-by: Mattias Andrée <m@maandree.se>
Diffstat (limited to 'README')
| -rw-r--r-- | README | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -100,5 +100,19 @@ DESCRIPTION Get encoding alphabet for the last algorithm in a chain. +NOTES + Using librecrypt_add_algorithm(3) to hash existing password + hashes should be used as a transitional mitigation strategy + when replaing an old password hash function. Once the password + is available in clear text, it should be hashed anew using + only the new password hash function: this will both increase + security and reducing login it, allowing for stronger hash + function configurations. This is especially important if the + password is actually a key and longer than the old hash. It + is also a good idea to force password reset, and lock any + account that hasn't reset its password, because it is + possibly that the old password hashes has been leaked and it + will force a fresh hashing even one counts that seldom log in. + SEE ALSO crypt(3), crypt(5) |
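Review bot: The added NOTES paragraph has wording errors that blur the security guidance and should be fixed before this lands. "replaing" should be "replacing"; "reducing login it" looks like it was meant to be "reduce login time"; "it is possibly that the old password hashes has been leaked" should read "it is possible that the old password hashes have been leaked"; and "even one counts that seldom log in" reads as if "even on accounts that seldom log in" was intended. The opening sentence ("Using librecrypt_add_algorithm(3) to hash existing password hashes should be used as ...") would be clearer as "should only be used as a transitional mitigation". It would also help to say why the case of a key longer than the old hash matters: while the old hash remains in the chain, the input to the new function is limited to the old hash's output, so the extra key material adds nothing until the password is rehashed directly.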
