:sig bool password_verify(String password, String encoded) :params password : candidate password bytes encoded : self-contained `$uce$scrypt$...` credential return value : true only when the password matches a structurally valid, bounded encoding :content Derives the candidate with the parameters embedded in `encoded` and compares the result in constant time. Malformed encodings and parameters above UCE's accepted memory/work policy are rejected before derivation. Apply application-level password length limits and rate limiting around public authentication endpoints. :example String encoded = password_hash("correct horse battery staple"); print(password_verify("correct horse battery staple", encoded) ? "valid" : "invalid", " / "); print(password_verify("wrong password", encoded) ? "valid" : "invalid", "\n"); :see >sys password_hash password_needs_rehash