diff --git a/README.md b/README.md index e17f2d0..df16f9b 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ API key permissions for the [Django REST Framework](https://www.django-rest-fram ### Features - ✌️ **Simple to use**: create, view and revoke API keys via the admin site, or use built-in helpers to create API keys programmatically. -- 🔒 **As secure as possible**: API keys are treated with the same level of care as user passwords. They are hashed using the default password hasher before being stored in the database, and only visible at creation. +- 🔒 **As secure as possible**: API keys are treated with the same level of care as user passwords. They are only visible at creation and hashed before storing in the database. - 🎨 **Customizable**: satisfy specific business requirements by building your own customized API key models, permission classes and admin panels. ### Should I use API keys? diff --git a/docs/index.md b/docs/index.md index 6b0b3de..d675d3e 100644 --- a/docs/index.md +++ b/docs/index.md @@ -31,7 +31,7 @@ ### Features - ✌️ **Simple to use**: create, view and revoke API keys via the admin site, or use built-in helpers to create API keys programmatically. -- 🔒 **As secure as possible**: API keys are treated with the same level of care than user passwords. They are hashed using the default password hasher before being stored in the database, and only visible at creation. +- 🔒 **As secure as possible**: API keys are treated with the same level of care as user passwords. They are only visible at creation and hashed before storing in the database. - 🎨 **Customizable**: satisfy specific business requirements by building your own customized API key models, permission classes and admin panels. ### Should I use API keys? diff --git a/docs/security.md b/docs/security.md index de5961f..4ddf403 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -11,10 +11,10 @@ An API key is composed of two items: The generated key that clients use to [make authorized requests](#making-authorized-requests) is `GK = P.SK`. It is treated with the same level of care as passwords: -- Only a hashed version is stored in the database. The hash is computed using the default password hasher. [^1] +- Only a hashed version is stored in the database. The hashing algorithm is sha512. [^1] - The generated key is shown only once to the client upon API key creation. -[^1]: All hashers provided by Django should be supported. This package is tested against the [default list of `PASSWORD_HASHERS`](https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-PASSWORD_HASHERS). See also [How Django stores passwords](https://docs.djangoproject.com/en/2.2/topics/auth/passwords/#how-django-stores-passwords) for more information. +[^1]: Older versions of this module used the same hashers as Django's [`PASSWORD_HASHERS`](https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-PASSWORD_HASHERS). These hashers come with a large performance penalty and while critical for passwords, they aren't needed for high-entropy, randomly generated keys like the ones created by this module. Keys stored using these slower hashers will be upgraded when used. ### Grant scheme
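Review bot: In the docs/security.md hunk, "The hashing algorithm is sha512." replaces a named, salted password hasher with a bare algorithm name and leaves out what a reader needs to judge the change: whether the stored digest is salted, how it is encoded, and how many random bits `SK` carries, since the footnote's argument that slow hashers "aren't needed for high-entropy, randomly generated keys" only holds if the key's entropy is stated. Suggest expanding the bullet to something like "Only a SHA-512 digest of the key is stored in the database; a fast hash is sufficient because SK is a cryptographically random value of N bits (see Grant scheme)" with the real figure. The footnote's "Keys stored using these slower hashers will be upgraded when used" should also say what "used" means (a successful verification rehashes the key), that keys never presented again stay under their old hasher and still validate, and which legacy hashers remain recognized, because the old sentence "All hashers provided by Django should be supported" is removed here and nothing replaces it. Finally, the unchanged line "It is treated with the same level of care as passwords" now sits next to a footnote explaining that password-grade hashing is deliberately not used; consider rewording it to "treated with the same care as passwords: shown once and never stored in clear" so the two statements agree. Minor: write the algorithm as "SHA-512".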
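Review bot: In the docs/index.md hunk, "hashed before storing in the database" is grammatically off (the key is not doing the storing); suggest "They are only visible at creation and are hashed before being stored in the database." The "than" to "as" correction in "same level of care as user passwords" is right. As in the README hunk, dropping "using the default password hasher" leaves the bullet without any indication of how keys are hashed; a pointer to the Security page, which this patch updates with the algorithm, would keep the feature list honest without repeating the detail.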
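Review bot: In the README.md hunk, the new wording "hashed before storing in the database" reads awkwardly; suggest "They are only visible at creation and are hashed before being stored in the database." The removed phrase "using the default password hasher" was the only statement in the README of how keys are protected at rest, and the replacement says nothing about the algorithm; since this same patch documents the change to SHA-512 in docs/security.md, add a short pointer such as "(see the Security docs for details)" so the README bullet and the security page stay consistent.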