diff --git a/flask_security/core.py b/flask_security/core.py
index 3766de4..ec60e92 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -32,8 +32,7 @@ _default_config = {
     'URL_PREFIX': None,
     'FLASH_MESSAGES': True,
     'PASSWORD_HASH': 'plaintext',
-    'PASSWORD_HMAC': False,
-    'PASSWORD_HMAC_SALT': None,
+    'PASSWORD_SALT': None,
     'LOGIN_URL': '/login',
     'LOGOUT_URL': '/logout',
     'REGISTER_URL': '/register',
diff --git a/flask_security/utils.py b/flask_security/utils.py
index fc67e1d..2385277 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -12,6 +12,7 @@
 import base64
 import hashlib
 import hmac
+import os
 from contextlib import contextmanager
 from datetime import datetime, timedelta
 from functools import wraps
@@ -76,33 +77,18 @@ def logout_user():
     _logout_user()
-def get_hmac(msg, salt=None, digestmod=None):
-    digestmod = digestmod or hashlib.sha512
-    return base64.b64encode(hmac.new(salt, msg, digestmod).digest())
+def get_hmac(password):
+    if _security.password_hash == 'plaintext':
+        return password
+    h = hmac.new(_security.password_salt, password, hashlib.sha512)
+    return base64.b64encode(h.digest())
+
+def verify_password(password, password_hash):
+    return _pwd_context.verify(get_hmac(password), password_hash)
-def verify_password(password, password_hash, use_hmac=None):
-    if use_hmac is None:
-        use_hmac = _security.password_hmac
-
-    if use_hmac:
-        hmac_value = get_hmac(password, _security.password_hmac_salt)
-    else:
-        hmac_value = password
-
-    return _pwd_context.verify(hmac_value, password_hash)
-
-
-def encrypt_password(password, salt=None, use_hmac=None):
-    if use_hmac is None:
-        use_hmac = _security.password_hmac
-
-    if use_hmac:
-        hmac_value = get_hmac(password, _security.password_hmac_salt)
-    else:
-        hmac_value = password
-
-    return _pwd_context.encrypt(hmac_value)
+def encrypt_password(password):
+    return _pwd_context.encrypt(get_hmac(password))
 def md5(data):
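Review bot: `get_hmac` passes `_security.password_salt` straight into `hmac.new`, while the core.py hunk in this same commit leaves `PASSWORD_SALT` defaulting to `None`, so any non-plaintext `PASSWORD_HASH` deployed without a salt fails inside `hmac.new` with a bare TypeError instead of a configuration error at startup. A guard before the HMAC call, `if _security.password_salt is None: raise RuntimeError('SECURITY_PASSWORD_SALT must be set when PASSWORD_HASH is not plaintext')`, makes the misconfiguration visible the first time a password is hashed or verified; better still would be the same check when the extension initialises. The old `verify_password`/`encrypt_password` accepted `salt` and `use_hmac` keyword arguments and the new signatures drop them silently, so any external caller passing those keywords now breaks — worth a changelog entry at minimum. None of the three rewritten functions carries a docstring; `get_hmac` in particular needs one, e.g. `"""Return the base64 HMAC-SHA512 of *password* keyed with the configured password salt, or *password* unchanged when PASSWORD_HASH is 'plaintext'."""`. The `import os` added in the preceding hunk is not used by anything visible in this diff; presumably it is used elsewhere in utils.py, otherwise it should be dropped.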
diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index 73c5546..51e5f00 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -203,7 +203,7 @@ class ConfiguredSecurityTests(SecurityTest):
     AUTH_CONFIG = {
         'SECURITY_PASSWORD_HASH': 'bcrypt',
-        'SECURITY_PASSWORD_HMAC_SALT': 'so-salty',
+        'SECURITY_PASSWORD_SALT': 'so-salty',
         'SECURITY_PASSWORD_HMAC': True,
         'SECURITY_REGISTERABLE': True,
         'SECURITY_LOGOUT_URL': '/custom_logout',
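Review bot: `'SECURITY_PASSWORD_HMAC': True`, the context line directly after the renamed key, is now dead configuration: the core.py hunk removes `PASSWORD_HMAC` from `_default_config` and the new `get_hmac` decides solely on `password_hash`, so this test fixture keeps advertising a setting that no longer does anything. Drop the line so the fixture reflects the new contract (HMAC is applied whenever the hash is not `'plaintext'`). The enclosing `AUTH_CONFIG` dict continues outside the hunk.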