:sig
bool password_verify(String password, String encoded)

:params
password : candidate password bytes
encoded : self-contained `$uce$scrypt$...` credential
return value : true only when the password matches a structurally valid, bounded encoding

:content
Derives the candidate with the parameters embedded in `encoded` and compares the result in constant time. Malformed encodings and parameters above UCE's accepted memory/work policy are rejected before derivation. Apply application-level password length limits and rate limiting around public authentication endpoints.

:example
String encoded = password_hash("correct horse battery staple");
print(password_verify("correct horse battery staple", encoded) ? "valid" : "invalid", " / ");
print(password_verify("wrong password", encoded) ? "valid" : "invalid", "\n");

:see
>sys
password_hash
password_needs_rehash
