diff --git a/config.inc.php b/config.inc.php
index 2edd54b0..e9d5ad92 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -174,12 +174,20 @@ $CONF['smtp_client'] = '';
 // mysql_encrypt = useful for PAM integration
 // authlib = support for courier-authlib style passwords - also set $CONF['authlib_default_flavor']
 // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
+// php_crypt:CRYPT-METHOD = use PHP built in crypt()-function; methods supported: DES, MD5, BLOWFISH, SHA256, SHA512
 //     IMPORTANT:
 //     - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case
 //     - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option)
 //     - dovecot 2.0.0 - 2.0.7 is not supported
 $CONF['encrypt'] = 'md5crypt';
 
+// What difficulty to use with the password hashing? (integer)
+// Valid ranges = BLOWFISH: 4-31, SHA256: 1000-999999999, SHA512: 1000-999999999
+// Empty string = use the default value (BLOWFISH: 10, SHA256: 5000, SHA512: 5000)
+//     - larger value is more secure, but uses more CPU and time for each login. Set this according to your CPU processing power.
+//     - only supported with php_crypt, php_crypt:BLOWFISH, php_crypt:SHA256 and php_crypt:SHA512 encrypt methods
+$CONF['encrypt_difficulty'] = '';
+
 // In what flavor should courier-authlib style passwords be encrypted?
 // (only used if $CONF['encrypt'] == 'authlib')
 // md5 = {md5} + base64 encoded md5 hash