uce/site/doc/pages/password_verify.txt

21 lines
870 B
Plaintext

:sig
bool password_verify(String password, String encoded)
:params
password : candidate password bytes
encoded : self-contained `$uce$scrypt$...` credential
return value : true only when the password matches a structurally valid, bounded encoding
:content
Derives the candidate with the parameters embedded in `encoded` and compares the result in constant time. Malformed encodings and parameters above UCE's accepted memory/work policy are rejected before derivation. Apply application-level password length limits and rate limiting around public authentication endpoints.
:example
String encoded = password_hash("correct horse battery staple");
print(password_verify("correct horse battery staple", encoded) ? "valid" : "invalid", " / ");
print(password_verify("wrong password", encoded) ? "valid" : "invalid", "\n");
:see
>sys
password_hash
password_needs_rehash