From 4e6f25806e3c9fa4753ce959ef990167796acd32 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Thu, 14 May 2026 15:55:33 +0200 Subject: Tests and fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- README | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'README') diff --git a/README b/README index 2ad40fe..60b1050 100644 --- a/README +++ b/README @@ -100,5 +100,19 @@ DESCRIPTION Get encoding alphabet for the last algorithm in a chain. +NOTES + Using librecrypt_add_algorithm(3) to hash existing password + hashes should be used as a transitional mitigation strategy + when replaing an old password hash function. Once the password + is available in clear text, it should be hashed anew using + only the new password hash function: this will both increase + security and reducing login it, allowing for stronger hash + function configurations. This is especially important if the + password is actually a key and longer than the old hash. It + is also a good idea to force password reset, and lock any + account that hasn't reset its password, because it is + possibly that the old password hashes has been leaked and it + will force a fresh hashing even one counts that seldom log in. + SEE ALSO crypt(3), crypt(5) -- cgit v1.2.3-70-g09d2
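Review bot: The added NOTES paragraph has wording errors that obscure its advice, most seriously "this will both increase security and reducing login it", which does not parse. Presumably "reduce login time" is meant, since the sentence continues with "allowing for stronger hash function configurations"; please confirm and reword. In the same paragraph, "replaing" should be "replacing", "it is possibly that the old password hashes has been leaked" should read "it is possible that the old password hashes have been leaked", and "even one counts that seldom log in" looks like it was meant to be "even on accounts that seldom log in". The opening sentence also repeats itself ("Using librecrypt_add_algorithm(3) ... should be used as"); "should only be done as a transitional mitigation strategy" would read more cleanly.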