[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sat Mar 5 01:30:41 UTC 2016
The branch master has been updated
via 5fc3ee4b77a6495a3544ce3192e71af0a9d74e08 (commit)
from 9829b5ab52cb5f1891fc48262503b7eec32351b3 (commit)
- Log -----------------------------------------------------------------
commit 5fc3ee4b77a6495a3544ce3192e71af0a9d74e08
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Mar 4 23:28:45 2016 +0000
use saner default parameters for scrypt
Thanks to Colin Percival for reporting this issue.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs8.c | 4 ++--
doc/apps/pkcs8.pod | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 125bf61..0968fef 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -203,9 +203,9 @@ int pkcs8_main(int argc, char **argv)
break;
#ifndef OPENSSL_NO_SCRYPT
case OPT_SCRYPT:
- scrypt_N = 1024;
+ scrypt_N = 16384;
scrypt_r = 8;
- scrypt_p = 16;
+ scrypt_p = 1;
if (cipher == NULL)
cipher = EVP_aes_256_cbc();
break;
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index ec9f1d1..f3b20ff 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -156,7 +156,7 @@ for all available algorithms.
=item B<-scrypt>
uses the B<scrypt> algorithm for private key encryption using default
-parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit
+parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
B<-scrypt_p> and B<-v2> options.
More information about the openssl-commits
mailing list