use saner default parameters for scrypt Thanks to Colin Percival for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>

commit: 5fc3ee4b77a6495a3544ce3192e71af0a9d74e08 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Fri Mar 04 23:28:45 2016 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Sat Mar 05 01:29:50 2016 +0000
tree: 9a3b9889eaea4b17ca3150e776bd507f8c00922b
parent: 9829b5ab52cb5f1891fc48262503b7eec32351b3 [diff]
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 125bf61..0968fef 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c

@@ -203,9 +203,9 @@
             break;
 #ifndef OPENSSL_NO_SCRYPT
         case OPT_SCRYPT:
-            scrypt_N = 1024;
+            scrypt_N = 16384;
             scrypt_r = 8;
-            scrypt_p = 16;
+            scrypt_p = 1;
             if (cipher == NULL)
                 cipher = EVP_aes_256_cbc();
             break;

diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index ec9f1d1..f3b20ff 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod

@@ -156,7 +156,7 @@
 =item B<-scrypt>
 
 uses the B<scrypt> algorithm for private key encryption using default
-parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit
+parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
 key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
 B<-scrypt_p> and B<-v2> options.
commit	5fc3ee4b77a6495a3544ce3192e71af0a9d74e08	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Fri Mar 04 23:28:45 2016 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Sat Mar 05 01:29:50 2016 +0000
tree	9a3b9889eaea4b17ca3150e776bd507f8c00922b
parent	9829b5ab52cb5f1891fc48262503b7eec32351b3 [diff]