Merge pull request #1721 from /issues/1720-update-documentation-bcrypt

Fix #1720: Update documentation for bcrypt

docs/Basic-Definitions.md

@@ -221,7 +221,7 @@ When the user identity is managed by the Next Step application, Next Step provid
 
 ### Next Step -- credential hashing
 
-Next Step application hashes the user credentials using the Argon2 hashing algorithm. The credential verification is performed by comparing the hash of the credential with the stored hash. The hashing algorithm parameters can be changed and in this case the credential hash is recreated with new parameters during the next user authentication and stored in the database.
+Next Step application hashes the user credentials using the Argon2 or Bcrypt hashing algorithms. The credential verification is performed by comparing the hash of the credential with the stored hash. For Argon2, the hashing algorithm parameters can be changed to provide strong hashing. In this case the credential hash is recreated with new parameters during the next user authentication and stored in the database. We recommend to use Argon2 instead of Bcrypt, which was added mainly for compatibility reasons and does not support hashing strength configuration.
 
 ### Next Step -- database record encryption
 

docs/Next-Step-Server-REST-API-Reference.md

@@ -5701,6 +5701,8 @@ The list of expected status codes:
 }
 ```
 
+Possible algorithm names: `ARGON_2D`, `ARGON_2I`, `ARGON_2ID`, `BCRYPT`. For `BCRYPT` empty parameters should be used as this algorithm does not support hashing algorithm parameterization.
+
 #### Response 200
 
 - Headers: