2 files changed, 14 insertions, 3 deletions

diff --git a/doc/manual/compression.rst b/doc/manual/compression.rst
index 808b7f0dc..2d1f4c142 100644
--- a/doc/manual/compression.rst
+++ b/doc/manual/compression.rst
@@ -3,7 +3,9 @@ Lossless Data Compression
 
 Some lossless data compression algorithms are available in botan, currently all
 via third party libraries - these include zlib (including deflate and gzip
-formats), bzip2, and lzma.
+formats), bzip2, and lzma. Support for these must be enabled at build time;
+you can check for them using the macros ``BOTAN_HAS_ZLIB``, ``BOTAN_HAS_BZIP2``,
+and ``BOTAN_HAS_LZMA``.
 
 .. note::
    You should always compress *before* you encrypt, because encryption seeks to
diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst
index 417e58265..b3db1f3e7 100644
--- a/doc/manual/passhash.rst
+++ b/doc/manual/passhash.rst
@@ -75,8 +75,13 @@ Bcrypt Password Hashing
 
 :wikipedia:`Bcrypt` is a password hashing scheme originally designed
 for use in OpenBSD, but numerous other implementations exist.
-It is made available by including ``bcrypt.h``. Bcrypt provides
-outputs that look like this::
+It is made available by including ``bcrypt.h``.
+
+It has the advantage that it requires a small amount (4K) of fast RAM
+to compute, which can make hardware password cracking somewhat more
+expensive.
+
+Bcrypt provides outputs that look like this::
 
   "$2a$12$7KIYdyv8Bp32WAvc.7YvI.wvRlyVn0HP/EhPmmOyMQA4YKxINO0p2"
 
@@ -104,6 +109,10 @@ Botan also provides a password hashing technique called passhash9, in
 
   "$9$AAAKxwMGNPSdPkOKJS07Xutm3+1Cr3ytmbnkjO6LjHzCMcMQXvcT"
 
+This function should be secure with the proper parameters, and will remain in
+the library for the forseeable future, but it is specific to Botan rather than
+being a widely used password hash. Prefer bcrypt.
+
 .. cpp:function:: std::string generate_passhash9(const std::string& password, \
    RandomNumberGenerator& rng, u16bit work_factor = 10, byte alg_id = 1)