diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index ec6ac4c2cf35277c1f1009528bb6b5a6f292225c..fcca0b0acc93f126803ad96fe728035a2ef5d11d 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -34,16 +34,14 @@ class TimeLimitedToken
     /**
      * Create a new time-limited token.
      *
-     * Please note that the default algorithm will change in SSP 1.15.0 to SHA-256 instead of SHA-1.
-     *
      * @param int $lifetime Token lifetime in seconds. Defaults to 900 (15 min).
      * @param string $secretSalt A random and unique salt per installation. Defaults to the salt in the configuration.
      * @param int $skew The allowed time skew (in seconds) to correct clock deviations. Defaults to 1 second.
-     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-1.
+     * @param string $algo The hash algorithm to use to generate the tokens. Defaults to SHA-256.
      *
      * @throws \InvalidArgumentException if the given parameters are invalid.
      */
-    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha1')
+    public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha256')
     {
         if ($secretSalt === null) {
             $secretSalt = Utils\Config::getSecretSalt();