diff --git a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldMaskingTest.java b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldMaskingTest.java
index 7f4c5bacf2..a7ce8b0c1d 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldMaskingTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldMaskingTest.java
@@ -30,6 +30,7 @@
 import org.opensearch.security.user.User;
 import org.opensearch.test.framework.TestSecurityConfig;
 
+import static org.opensearch.security.privileges.dlsfls.FieldMasking.Config.BLAKE2B_LEGACY_DEFAULT;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.indices;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -141,6 +142,18 @@ public void simple() throws Exception {
             assertNull(expression.getRegexReplacements());
 
             FieldMasking.FieldMaskingRule.Field field = new FieldMasking.FieldMaskingRule.Field(expression, FieldMasking.Config.DEFAULT);
+            assertEquals("c042e214a8b49561577445be44c188a8e6274006b36cd0c6fba5312253cf9293", field.apply("foobar"));
+        }
+
+        @Test
+        public void simple_legacyDefaultAlgorithm() throws Exception {
+            FieldMasking.FieldMaskingExpression expression = new FieldMasking.FieldMaskingExpression("field_*");
+            FieldMasking.FieldMaskingRule.Field field = new FieldMasking.FieldMaskingRule.Field(
+                expression,
+                FieldMasking.Config.fromSettings(
+                    Settings.builder().put("plugins.security.masked_fields.algorithm.default", BLAKE2B_LEGACY_DEFAULT).build()
+                )
+            );
             assertEquals("96c8d1da7eb153db858d4f0585120319e17ed1162db9e94bee19fb10b6d19727", field.apply("foobar"));
         }
 
@@ -260,9 +273,9 @@ public void simple() throws Exception {
             assertFalse("FieldMasking.FieldMaskingRule should return false for isAllowAll()", rule.isAllowAll());
             assertTrue("Rule applies to field field_masked_1", rule.isMasked("field_masked_1"));
             assertFalse("Rule does not apply to field field_other", rule.isMasked("field_other"));
-            assertEquals("96c8d1da7eb153db858d4f0585120319e17ed1162db9e94bee19fb10b6d19727", rule.get("field_masked_1").apply("foobar"));
+            assertEquals("c042e214a8b49561577445be44c188a8e6274006b36cd0c6fba5312253cf9293", rule.get("field_masked_1").apply("foobar"));
             assertEquals(
-                new BytesRef("96c8d1da7eb153db858d4f0585120319e17ed1162db9e94bee19fb10b6d19727".getBytes(StandardCharsets.UTF_8)),
+                new BytesRef("c042e214a8b49561577445be44c188a8e6274006b36cd0c6fba5312253cf9293".getBytes(StandardCharsets.UTF_8)),
                 rule.get("field_masked_1").apply(new BytesRef("foobar".getBytes(StandardCharsets.UTF_8)))
             );
             assertEquals("FM:[field_masked_*]", rule.toString());
@@ -275,7 +288,7 @@ public void keyword() throws Exception {
             assertTrue("Rule applies to field field_masked_1", rule.isMasked("field_masked"));
             assertTrue("Rule applies to field field_masked_1.keyword", rule.isMasked("field_masked.keyword"));
             assertEquals(
-                "96c8d1da7eb153db858d4f0585120319e17ed1162db9e94bee19fb10b6d19727",
+                "c042e214a8b49561577445be44c188a8e6274006b36cd0c6fba5312253cf9293",
                 rule.get("field_masked.keyword").apply("foobar")
             );
         }
diff --git a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsDocumentFilterTest.java b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsDocumentFilterTest.java
index 2b28d6330e..214a940c54 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsDocumentFilterTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsDocumentFilterTest.java
@@ -319,7 +319,7 @@ public void maskSimpleAttribute() throws Exception {
         String expectedDocument = """
             {
                 "a": "x",
-                "b": "1147ddc9246d856b1ce322f1dc9eeda895b56d545c324510c2eca47a9dcc5d3f",
+                "b": "4b694e9cb9ce9e0983fbe4c5df2d464949610f074460adc76bda5a9d0bcc38a5",
                 "c": "z"
             }
             """;
@@ -351,7 +351,7 @@ public void maskObjectAttribute() throws Exception {
             {
                 "a": "x",
                 "b": {
-                   "b1": "19937da9d0b0fb38c3ce369bed130b647fa547914d675e09a62ba260a6d7811b",
+                   "b1": "f16d01664d4270a4f39cdba8c89ac024380b5f249f0fbec1049497bc745cf30f",
                    "b2": "y2"
                 },
                 "c": "z"
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
index 74f432d715..0802cb856c 100644
--- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
+++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -221,6 +221,7 @@
 
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.ENDPOINTS_WITH_PERMISSIONS;
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.SECURITY_CONFIG_UPDATE;
+import static org.opensearch.security.privileges.dlsfls.FieldMasking.Config.BLAKE2B_LEGACY_DEFAULT;
 import static org.opensearch.security.setting.DeprecatedSettings.checkForDeprecatedSetting;
 import static org.opensearch.security.support.ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER;
 import static org.opensearch.security.support.ConfigConstants.SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX;
@@ -448,7 +449,7 @@ public List<Path> run() {
 
         try {
             String maskingAlgorithmDefault = settings.get(ConfigConstants.SECURITY_MASKED_FIELDS_ALGORITHM_DEFAULT);
-            if (StringUtils.isNotEmpty(maskingAlgorithmDefault)) {
+            if (StringUtils.isNotEmpty(maskingAlgorithmDefault) && !BLAKE2B_LEGACY_DEFAULT.equalsIgnoreCase(maskingAlgorithmDefault)) {
                 MessageDigest.getInstance(maskingAlgorithmDefault);
             }
         } catch (Exception ex) {
diff --git a/src/main/java/org/opensearch/security/privileges/dlsfls/FieldMasking.java b/src/main/java/org/opensearch/security/privileges/dlsfls/FieldMasking.java
index b0b77375be..b16aa7b616 100644
--- a/src/main/java/org/opensearch/security/privileges/dlsfls/FieldMasking.java
+++ b/src/main/java/org/opensearch/security/privileges/dlsfls/FieldMasking.java
@@ -235,12 +235,14 @@ public static class Field {
             private final String hashAlgorithm;
             private final Salt salt;
             private final byte[] saltBytes;
+            private final boolean useLegacyDefaultAlgorithm;
 
             Field(FieldMaskingExpression expression, FieldMasking.Config fieldMaskingConfig) {
                 this.expression = expression;
                 this.hashAlgorithm = expression.getAlgoName() != null ? expression.getAlgoName()
                     : StringUtils.isNotEmpty(fieldMaskingConfig.getDefaultHashAlgorithm()) ? fieldMaskingConfig.getDefaultHashAlgorithm()
                     : null;
+                this.useLegacyDefaultAlgorithm = fieldMaskingConfig.useLegacyDefaultAlgorithm();
                 this.salt = fieldMaskingConfig.getSalt();
                 this.saltBytes = this.salt.getSalt16();
             }
@@ -252,10 +254,12 @@ public WildcardMatcher getPattern() {
             public byte[] apply(byte[] value) {
                 if (expression.getRegexReplacements() != null) {
                     return applyRegexReplacements(value, expression.getRegexReplacements());
+                } else if (this.useLegacyDefaultAlgorithm) {
+                    return blake2bHash(value, true);
                 } else if (this.hashAlgorithm != null) {
                     return customHash(value, this.hashAlgorithm);
                 } else {
-                    return blake2bHash(value);
+                    return blake2bHash(value, false);
                 }
             }
 
@@ -301,10 +305,13 @@ private byte[] applyRegexReplacements(byte[] value, List<FieldMaskingExpression.
                 return string.getBytes(StandardCharsets.UTF_8);
             }
 
-            private byte[] blake2bHash(byte[] in) {
-                // Salt is passed incorrectly but order of parameters is retained at present to ensure full backwards compatibility
-                // Tracking with https://github.com/opensearch-project/security/issues/4274
-                final Blake2b hash = new Blake2b(null, 32, null, saltBytes);
+            private byte[] blake2bHash(byte[] in, boolean useLegacyDefaultAlgorithm) {
+                final Blake2b hash;
+                if (useLegacyDefaultAlgorithm) {
+                    hash = new Blake2b(null, 32, null, saltBytes);
+                } else {
+                    hash = new Blake2b(null, 32, saltBytes, null);
+                }
                 hash.update(in, 0, in.length);
                 final byte[] out = new byte[hash.getDigestSize()];
                 hash.digest(out, 0);
@@ -461,6 +468,8 @@ String getSource() {
     }
 
     public static class Config {
+        public static final String BLAKE2B_LEGACY_DEFAULT = "BLAKE2B_LEGACY_DEFAULT";
+
         public static Config fromSettings(Settings settings) {
             return new Config(settings.get(ConfigConstants.SECURITY_MASKED_FIELDS_ALGORITHM_DEFAULT), Salt.from(settings));
         }
@@ -469,10 +478,12 @@ public static Config fromSettings(Settings settings) {
 
         private final String defaultHashAlgorithm;
         private final Salt salt;
+        private final boolean useLegacyDefaultAlgorithm;
 
         Config(String defaultHashAlgorithm, Salt salt) {
             this.defaultHashAlgorithm = defaultHashAlgorithm;
             this.salt = salt;
+            this.useLegacyDefaultAlgorithm = BLAKE2B_LEGACY_DEFAULT.equalsIgnoreCase(defaultHashAlgorithm);
         }
 
         public String getDefaultHashAlgorithm() {
@@ -482,6 +493,10 @@ public String getDefaultHashAlgorithm() {
         public Salt getSalt() {
             return salt;
         }
+
+        public boolean useLegacyDefaultAlgorithm() {
+            return useLegacyDefaultAlgorithm;
+        }
     }
 
 }
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
index 909d7577c8..44e14b974e 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
@@ -174,10 +174,10 @@ public void testComplexMappingSearch() throws Exception {
                     "88783587fef740690c4fa39476fb86314d034fa3370e1a1fa186f6d9d4644a18ad85063c1e3161f8929f7ca019bb8740611eaf337709113901e7c3a6b59f4166"
                 )
         );
-        Assert.assertFalse(res.getBody().contains("e90a2fdf7b1939ec06e294321fd7d23e1a70d8fc080a3f85d0f3bf08c205b53"));
+        Assert.assertFalse(res.getBody().contains("9fe023e13d5179157b2023c21c60bc98340a12470538affd306281619d2477c3"));
         Assert.assertFalse(res.getBody().contains("*.*.*.*"));
-        Assert.assertFalse(res.getBody().contains("430a65d4b9c51de7192e048b2639db0de5c56f1901afccc2a01ef97f6a769a38"));
-        Assert.assertFalse(res.getBody().contains("7f48bb3636edf546a75968ca7cd0bdfe63e9ce7af04ef7cb642931fa15d2d7a3"));
+        Assert.assertFalse(res.getBody().contains("5115e9707d1a18772af2a1274e2d3450284754a921692d6b1aef922c33cda8fa"));
+        Assert.assertFalse(res.getBody().contains("8915d31ba2e0ac9eea0c8af1beb058dfa3d01147c233ede320d441cc1b65fa33"));
         Assert.assertFalse(res.getBody().contains("https://www.static.co/downloads/beats/metricbeat"));
         Assert.assertFalse(
             res.getBody()
@@ -207,10 +207,10 @@ public void testComplexMappingSearch() throws Exception {
                         "88783587fef740690c4fa39476fb86314d034fa3370e1a1fa186f6d9d4644a18ad85063c1e3161f8929f7ca019bb8740611eaf337709113901e7c3a6b59f4166"
                     )
             );
-            Assert.assertTrue(res.getBody().contains("e90a2fdf7b1939ec06e294321fd7d23e1a70d8fc080a3f85d0f3bf08c205b53"));
+            Assert.assertTrue(res.getBody().contains("9fe023e13d5179157b2023c21c60bc98340a12470538affd306281619d2477c3"));
             Assert.assertTrue(res.getBody().contains("*.*.*.*"));
-            Assert.assertTrue(res.getBody().contains("430a65d4b9c51de7192e048b2639db0de5c56f1901afccc2a01ef97f6a769a38"));
-            Assert.assertTrue(res.getBody().contains("7f48bb3636edf546a75968ca7cd0bdfe63e9ce7af04ef7cb642931fa15d2d7a3"));
+            Assert.assertTrue(res.getBody().contains("5115e9707d1a18772af2a1274e2d3450284754a921692d6b1aef922c33cda8fa"));
+            Assert.assertTrue(res.getBody().contains("8915d31ba2e0ac9eea0c8af1beb058dfa3d01147c233ede320d441cc1b65fa33"));
             Assert.assertTrue(res.getBody().contains("https://www.static.co/downloads/beats/metricbeat"));
             Assert.assertTrue(
                 res.getBody()
@@ -236,9 +236,9 @@ public void testComplexMappingSearch() throws Exception {
                     "88783587fef740690c4fa39476fb86314d034fa3370e1a1fa186f6d9d4644a18ad85063c1e3161f8929f7ca019bb8740611eaf337709113901e7c3a6b59f4166"
                 )
         );
-        Assert.assertFalse(res.getBody().contains("e90a2fdf7b1939ec06e294321fd7d23e1a70d8fc080a3f85d0f3bf08c205b53"));
+        Assert.assertFalse(res.getBody().contains("9fe023e13d5179157b2023c21c60bc98340a12470538affd306281619d2477c3"));
         Assert.assertFalse(res.getBody().contains("*.*.*.*"));
-        Assert.assertFalse(res.getBody().contains("430a65d4b9c51de7192e048b2639db0de5c56f1901afccc2a01ef97f6a769a38"));
+        Assert.assertFalse(res.getBody().contains("8915d31ba2e0ac9eea0c8af1beb058dfa3d01147c233ede320d441cc1b65fa33"));
         Assert.assertFalse(res.getBody().contains("7f48bb3636edf546a75968ca7cd0bdfe63e9ce7af04ef7cb642931fa15d2d7a3"));
         Assert.assertFalse(res.getBody().contains("https://www.static.co/downloads/beats/metricbeat"));
         Assert.assertFalse(
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java
index e291b6eb4c..86bf6d6009 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java
@@ -161,8 +161,8 @@ public void testDFMRestrictedUser() throws Exception {
         Assert.assertFalse(response.getBody().contains("value-2-4"));
 
         // field2 - check also some masked values
-        Assert.assertTrue(response.getBody().contains("514b27191e2322b0f7cd6afc3a5d657ff438fd0cc8dc229bd1a589804fdffd99"));
-        Assert.assertTrue(response.getBody().contains("3090f7e867f390fb96b20ba30ee518b09a927b857393ebd1262f31191a385efa"));
+        Assert.assertTrue(response.getBody().contains("b83363be1efc9a30269963686915db175630744f7b9b53eaf012275c10028ed8"));
+        Assert.assertTrue(response.getBody().contains("1036e0c7154ead29670a4d0a609727aeec7e6f39a97b72053d49255b5865e341"));
     }
 
     /**
@@ -271,7 +271,7 @@ public void testDFMRestrictedAndUnrestrictedOneIndex() throws Exception {
         Assert.assertTrue(response.getBody().contains("value-2-4"));
 
         // but we still have masked values for index1-2 and index1-3
-        Assert.assertTrue(response.getBody().contains("514b27191e2322b0f7cd6afc3a5d657ff438fd0cc8dc229bd1a589804fdffd99"));
-        Assert.assertTrue(response.getBody().contains("3090f7e867f390fb96b20ba30ee518b09a927b857393ebd1262f31191a385efa"));
+        Assert.assertTrue(response.getBody().contains("b83363be1efc9a30269963686915db175630744f7b9b53eaf012275c10028ed8"));
+        Assert.assertTrue(response.getBody().contains("1036e0c7154ead29670a4d0a609727aeec7e6f39a97b72053d49255b5865e341"));
     }
 }
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
index f4f9f632e3..a2b0944cac 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
@@ -26,6 +26,7 @@
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
+import static org.opensearch.security.privileges.dlsfls.FieldMasking.Config.BLAKE2B_LEGACY_DEFAULT;
 
 public class FieldMaskedTest extends AbstractDlsFlsTest {
 
@@ -163,9 +164,9 @@ public void testMaskedAggregationsRace() throws Exception {
         Assert.assertTrue(res.getBody().contains("200.100"));
         Assert.assertTrue(res.getBody().contains("\"doc_count\" : 30"));
         Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1"));
-        Assert.assertFalse(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae"));
-        Assert.assertFalse(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f"));
+        Assert.assertFalse(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
 
         assertThat(
             HttpStatus.SC_OK,
@@ -178,9 +179,9 @@ public void testMaskedAggregationsRace() throws Exception {
         Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1"));
         Assert.assertFalse(res.getBody().contains("100.100"));
         Assert.assertFalse(res.getBody().contains("200.100"));
-        Assert.assertTrue(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae"));
-        Assert.assertTrue(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e"));
-        Assert.assertTrue(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertTrue(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f"));
+        Assert.assertTrue(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8"));
+        Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
 
         for (int i = 0; i < 10; i++) {
             assertThat(
@@ -194,9 +195,9 @@ public void testMaskedAggregationsRace() throws Exception {
             Assert.assertTrue(res.getBody().contains("200.100"));
             Assert.assertTrue(res.getBody().contains("\"doc_count\" : 30"));
             Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1"));
-            Assert.assertFalse(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae"));
-            Assert.assertFalse(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e"));
-            Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+            Assert.assertFalse(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f"));
+            Assert.assertFalse(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8"));
+            Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         }
 
     }
@@ -208,6 +209,42 @@ public void testMaskedSearch() throws Exception {
 
         HttpResponse res;
 
+        assertThat(
+            HttpStatus.SC_OK,
+            is((res = rh.executeGetRequest("/deals/_search?pretty&size=100", encodeBasicHeader("admin", "admin"))).getStatusCode())
+        );
+        Assert.assertTrue(res.getBody().contains("\"value\" : 32,\n      \"relation"));
+        Assert.assertTrue(res.getBody().contains("\"failed\" : 0"));
+        Assert.assertTrue(res.getBody().contains("cust1"));
+        Assert.assertTrue(res.getBody().contains("cust2"));
+        Assert.assertTrue(res.getBody().contains("100.100.1.1"));
+        Assert.assertTrue(res.getBody().contains("100.100.2.2"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
+
+        assertThat(
+            HttpStatus.SC_OK,
+            is((res = rh.executeGetRequest("/deals/_search?pretty&size=100", encodeBasicHeader("user_masked", "password"))).getStatusCode())
+        );
+        Assert.assertTrue(res.getBody().contains("\"value\" : 32,\n      \"relation"));
+        Assert.assertTrue(res.getBody().contains("\"failed\" : 0"));
+        Assert.assertTrue(res.getBody().contains("cust1"));
+        Assert.assertTrue(res.getBody().contains("cust2"));
+        Assert.assertFalse(res.getBody().contains("100.100.1.1"));
+        Assert.assertFalse(res.getBody().contains("100.100.2.2"));
+        Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
+
+    }
+
+    @Test
+    public void testMaskedSearchWithClusterLegacyDefault() throws Exception {
+
+        final Settings settings = Settings.builder()
+            .put(ConfigConstants.SECURITY_MASKED_FIELDS_ALGORITHM_DEFAULT, BLAKE2B_LEGACY_DEFAULT)
+            .build();
+        setup(settings);
+
+        HttpResponse res;
+
         assertThat(
             HttpStatus.SC_OK,
             is((res = rh.executeGetRequest("/deals/_search?pretty&size=100", encodeBasicHeader("admin", "admin"))).getStatusCode())
@@ -219,6 +256,7 @@ public void testMaskedSearch() throws Exception {
         Assert.assertTrue(res.getBody().contains("100.100.1.1"));
         Assert.assertTrue(res.getBody().contains("100.100.2.2"));
         Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
 
         assertThat(
             HttpStatus.SC_OK,
@@ -252,7 +290,7 @@ public void testMaskedSearchWithClusterDefaultSHA512() throws Exception {
         Assert.assertTrue(res.getBody().contains("cust2"));
         Assert.assertTrue(res.getBody().contains("100.100.1.1"));
         Assert.assertTrue(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
 
         assertThat(
@@ -265,7 +303,7 @@ public void testMaskedSearchWithClusterDefaultSHA512() throws Exception {
         Assert.assertTrue(res.getBody().contains("cust2"));
         Assert.assertFalse(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertTrue(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
 
     }
@@ -286,7 +324,7 @@ public void testMaskedGet() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertTrue(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
 
         assertThat(
             HttpStatus.SC_OK,
@@ -297,7 +335,7 @@ public void testMaskedGet() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertFalse(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertTrue(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
     }
 
     @Test
@@ -317,7 +355,7 @@ public void testMaskedGetWithClusterDefaultSHA512() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertTrue(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha3_224Hex("100.100.1.1")));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
 
@@ -331,7 +369,7 @@ public void testMaskedGetWithClusterDefaultSHA512() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertFalse(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha3_224Hex("100.100.1.1")));
         Assert.assertTrue(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
     }
@@ -353,7 +391,7 @@ public void testMaskedGetWithClusterDefaultSHA3() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertTrue(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha3_224Hex("100.100.1.1")));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
 
@@ -367,7 +405,7 @@ public void testMaskedGetWithClusterDefaultSHA3() throws Exception {
         Assert.assertFalse(res.getBody().contains("cust2"));
         Assert.assertFalse(res.getBody().contains("100.100.1.1"));
         Assert.assertFalse(res.getBody().contains("100.100.2.2"));
-        Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"));
+        Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac"));
         Assert.assertTrue(res.getBody().contains(DigestUtils.sha3_224Hex("100.100.1.1")));
         Assert.assertFalse(res.getBody().contains(DigestUtils.sha512Hex("100.100.1.1")));
     }