2 files changed, 6 insertions, 5 deletions

diff --git a/src/mailman/rest/docs/users.rst b/src/mailman/rest/docs/users.rst
index 43df35b94..145b069d9 100644
--- a/src/mailman/rest/docs/users.rst
+++ b/src/mailman/rest/docs/users.rst
@@ -66,7 +66,7 @@ Creating users via the API
 ==========================
 
 New users can be created through the REST API.  To do so requires the initial
-email address for the user, and optionally the user's full name and password.
+email address for the user, a password, and optionally the user's full name.
 ::
 
     >>> transaction.abort()
diff --git a/src/mailman/rest/users.py b/src/mailman/rest/users.py
index 857d29471..6423836f2 100644
--- a/src/mailman/rest/users.py
+++ b/src/mailman/rest/users.py
@@ -26,18 +26,18 @@ __all__ = [
     ]
 
 
+from flufl.password import lookup, make_secret, generate
 from restish import http, resource
 from uuid import UUID
 from zope.component import getUtility
 
+from mailman.config import config
 from mailman.interfaces.address import ExistingAddressError
 from mailman.interfaces.usermanager import IUserManager
 from mailman.rest.addresses import UserAddresses
 from mailman.rest.helpers import CollectionMixin, etag, no_content, path_to
 from mailman.rest.preferences import Preferences
 from mailman.rest.validator import Validator
-from mailman.utilities.passwords import (
-    encrypt_password, make_user_friendly_password)
 
 
 
@@ -101,8 +101,9 @@ class AllUsers(_UserBase):
                 error.email))
         if password is None:
             # This will have to be reset since it cannot be retrieved.
-            password = make_user_friendly_password()
-        user.password = encrypt_password(password)
+            password = generate(int(config.passwords.password_length))
+        scheme = lookup(config.passwords.password_scheme.upper())
+        user.password = make_secret(password, scheme)
         location = path_to('users/{0}'.format(user.user_id.int))
         return http.created(location, [], None)