|  | @@ -114,9 +114,9 @@ A `key` is shared between this authentication provider and the `TokenBasedRememb
 | 
	
		
			
				|  |  |  In addition, `TokenBasedRememberMeServices` requires a `UserDetailsService`, from which it can retrieve the username and password for signature comparison purposes and generate the `RememberMeAuthenticationToken` to contain the correct `GrantedAuthority` instances.
 | 
	
		
			
				|  |  |  `TokenBasedRememberMeServices` also implements Spring Security's `LogoutHandler` interface so that it can be used with `LogoutFilter` to have the cookie cleared automatically.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -By default, this implementation uses the MD5 algorithm to encode the token signature.
 | 
	
		
			
				|  |  | +By default, this implementation uses the SHA-256 algorithm to encode the token signature.
 | 
	
		
			
				|  |  |  To verify the token signature, the algorithm retrieved from `algorithmName` is parsed and used.
 | 
	
		
			
				|  |  | -If no `algorithmName` is present, the default matching algorithm will be used, which is MD5.
 | 
	
		
			
				|  |  | +If no `algorithmName` is present, the default matching algorithm will be used, which is SHA-256.
 | 
	
		
			
				|  |  |  You can specify different algorithms for signature encoding and for signature matching, this allows users to safely upgrade to a different encoding algorithm while still able to verify old ones if there is no `algorithmName` present.
 | 
	
		
			
				|  |  |  To do that you can specify your customized `TokenBasedRememberMeServices` as a Bean and use it in the configuration.
 | 
	
		
			
				|  |  |  
 |