Commit 5fc3ee4b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

use saner default parameters for scrypt 



Thanks to Colin Percival for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 9829b5ab

apps/pkcs8.c

+2 −2
Original line number Diff line number Diff line
@@ -203,9 +203,9 @@ int pkcs8_main(int argc, char **argv) 
            break;

#ifndef OPENSSL_NO_SCRYPT

        case OPT_SCRYPT:

            scrypt_N = 1024;

            scrypt_N = 16384;

            scrypt_r = 8;

            scrypt_p = 16;

            scrypt_p = 1;

            if (cipher == NULL)

                cipher = EVP_aes_256_cbc();

            break;

doc/apps/pkcs8.pod

+1 −1
Original line number Diff line number Diff line
@@ -156,7 +156,7 @@ for all available algorithms. 
=item B<-scrypt>



uses the B<scrypt> algorithm for private key encryption using default

parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit

parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit

key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,

B<-scrypt_p> and B<-v2> options.