diff --git a/Config.in.legacy b/Config.in.legacy
index 445cab749c..0fc794f758 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -101,6 +101,13 @@ endif
 ###############################################################################
 comment "Legacy options removed in 2015.05"
 
+config BR2_TARGET_GENERIC_PASSWD_DES
+	bool "Encoding passwords with DES has been removed"
+	select BR2_LEGACY
+	help
+	  Paswords can now only be encoded with either of md5, sha256 or sha512.
+	  The default is md5, which is stronger that DES (but still pretty weak).
+
 config BR2_PACKAGE_GTK2_THEME_HICOLOR
 	bool "hicolor (default theme) is a duplicate"
 	select BR2_LEGACY
diff --git a/system/Config.in b/system/Config.in
index 935f7a11fa..431524d103 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -27,14 +27,6 @@ choice
 
 	  Note: this is used at build-time, and *not* at runtime.
 
-config BR2_TARGET_GENERIC_PASSWD_DES
-	bool "des"
-	help
-	  Use standard 56-bit DES-based crypt(3) to encode passwords.
-
-	  Old, wildly available, but also the weakest, very susceptible to
-	  brute-force attacks.
-
 config BR2_TARGET_GENERIC_PASSWD_MD5
 	bool "md5"
 	help
@@ -67,7 +59,6 @@ endchoice # Passwd encoding
 
 config BR2_TARGET_GENERIC_PASSWD_METHOD
 	string
-	default "des"       if BR2_TARGET_GENERIC_PASSWD_DES
 	default "md5"       if BR2_TARGET_GENERIC_PASSWD_MD5
 	default "sha-256"   if BR2_TARGET_GENERIC_PASSWD_SHA256
 	default "sha-512"   if BR2_TARGET_GENERIC_PASSWD_SHA512