diff --git a/framework/UPGRADE.md b/framework/UPGRADE.md
index 75dd2c1a53..0b3bd7b766 100644
--- a/framework/UPGRADE.md
+++ b/framework/UPGRADE.md
@@ -84,6 +84,9 @@ Upgrade from Yii 2.0 Beta
               'cryptBlockSize' => 16,
               'cryptKeySize' => 24,
               'derivationIterations' => 1000,
+              'deriveKeyStrategy' => 'hmac', // for PHP version < 5.5.0
+              //'deriveKeyStrategy' => 'pbkdf2', // for PHP version >= 5.5.0
+              'useDeriveKeyUniqueSalt' => false,
           ],
           // ...
       ],
diff --git a/framework/base/Security.php b/framework/base/Security.php
index 344f99c972..11c77f44c7 100644
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -79,7 +79,7 @@ class Security extends Component
     /**
      * @var boolean whether to generate unique salt while deriving encryption key.
      * If enabled (recommended) this option increases encrypted text length, but provide more security.
-     * If disabled this option reduces encrypted text length, but also reduce security.
+     * If disabled this option reduces encrypted text length, but also reduces security.
      */
     public $useDeriveKeyUniqueSalt = true;