diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-03-04 23:28:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-03-05 01:29:50 +0000 |
commit | 5fc3ee4b77a6495a3544ce3192e71af0a9d74e08 (patch) | |
tree | 9a3b9889eaea4b17ca3150e776bd507f8c00922b | |
parent | 9829b5ab52cb5f1891fc48262503b7eec32351b3 (diff) | |
download | openssl-5fc3ee4b77a6495a3544ce3192e71af0a9d74e08.tar.gz |
use saner default parameters for scrypt
Thanks to Colin Percival for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | apps/pkcs8.c | 4 | ||||
-rw-r--r-- | doc/apps/pkcs8.pod | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 125bf6158a..0968fef946 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -203,9 +203,9 @@ int pkcs8_main(int argc, char **argv) break; #ifndef OPENSSL_NO_SCRYPT case OPT_SCRYPT: - scrypt_N = 1024; + scrypt_N = 16384; scrypt_r = 8; - scrypt_p = 16; + scrypt_p = 1; if (cipher == NULL) cipher = EVP_aes_256_cbc(); break; diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index ec9f1d14d5..f3b20ff4b1 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -156,7 +156,7 @@ for all available algorithms. =item B<-scrypt> uses the B<scrypt> algorithm for private key encryption using default -parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit +parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>, B<-scrypt_p> and B<-v2> options. |