generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use saner default parameters for scrypt

Browse Source 
Thanks to Colin Percival for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2016-03-04 23:28:45 +00:00
parent 9829b5ab52
commit 5fc3ee4b77
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/pkcs8.c
View File

@@ -203,9 +203,9 @@ int pkcs8_main(int argc, char **argv)
break; break;
#ifndef OPENSSL_NO_SCRYPT #ifndef OPENSSL_NO_SCRYPT
case OPT_SCRYPT: case OPT_SCRYPT:
scrypt_N = 1024; scrypt_N = 16384;
scrypt_r = 8; scrypt_r = 8;
scrypt_p = 16; scrypt_p = 1;
if (cipher == NULL) if (cipher == NULL)
cipher = EVP_aes_256_cbc(); cipher = EVP_aes_256_cbc();
break; break;

2
doc/apps/pkcs8.pod
View File

@@ -156,7 +156,7 @@ for all available algorithms.
=item B<-scrypt> =item B<-scrypt>
uses the B<scrypt> algorithm for private key encryption using default uses the B<scrypt> algorithm for private key encryption using default
parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>, key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
B<-scrypt_p> and B<-v2> options. B<-scrypt_p> and B<-v2> options.