diff --git a/ecrire/auth/sha256.inc.php b/ecrire/auth/sha256.inc.php
index 2618d13de2fd68d00110dca4a6318011cdf10b40..6d068779d6415bf242672970741513a98444526f 100644
--- a/ecrire/auth/sha256.inc.php
+++ b/ecrire/auth/sha256.inc.php
@@ -7,9 +7,11 @@
  *   require_once('sha256.inc.php');
  *   $hashstr = spip_sha256('abc');
  *
+ * @deprecated 5.0 Use `hash('sha256', $str)`
  * @param string $str Chaîne dont on veut calculer le SHA
  * @return string Le SHA de la chaîne
  */
 function spip_sha256($str) {
+	trigger_deprecation('spip', '5.0', 'Using "%s" is deprecated, use "%s" instead.', 'spip_sha256($str)', 'hash(\'sha256\', $str)');
 	return hash('sha256', $str);
 }
diff --git a/ecrire/auth/spip.php b/ecrire/auth/spip.php
index c1e66762265e0abf8843a4effd04176ec75ed6cb..6ce8c43b53a0e2f1ae966889816fd19379207b50 100644
--- a/ecrire/auth/spip.php
+++ b/ecrire/auth/spip.php
@@ -81,8 +81,7 @@ function auth_spip_dist($login, #[\SensitiveParameter] $pass, $serveur = '', $ph
 		case 64:
 			if (empty($hash)) {
 				// anciens mots de passe encodes en sha256(alea.pass)
-				include_spip('auth/sha256.inc');
-				$hash = spip_sha256($row['alea_actuel'] . $pass);
+				$hash =  hash('sha256', $row['alea_actuel'] . $pass);
 				$methode = 'sha256';
 			}
 			if ($row['pass'] === $hash) {
diff --git a/ecrire/public/cacher.php b/ecrire/public/cacher.php
index 4fa8d23f8c5f374002fa10ab2626052bc9b2e773..6eff90a000b79751ea1b735a14ed1742c9e1978b 100644
--- a/ecrire/public/cacher.php
+++ b/ecrire/public/cacher.php
@@ -101,14 +101,9 @@ function lire_cache($nom_cache) {
 function cache_signature(&$page) {
 	if (!isset($GLOBALS['meta']['cache_signature'])) {
 		include_spip('inc/acces');
-		include_spip('auth/sha256.inc');
 		ecrire_meta(
 			'cache_signature',
-			spip_sha256(
-				$_SERVER['DOCUMENT_ROOT']
-				. ($_SERVER['SERVER_SIGNATURE'] ?? '')
-				. creer_uniqid()
-			),
+			hash('sha256', $_SERVER['DOCUMENT_ROOT'] . ($_SERVER['SERVER_SIGNATURE'] ?? '') . creer_uniqid()),
 			'non'
 		);
 	}