21 lines
870 B
Plaintext
21 lines
870 B
Plaintext
:sig
|
|
bool password_verify(String password, String encoded)
|
|
|
|
:params
|
|
password : candidate password bytes
|
|
encoded : self-contained `$uce$scrypt$...` credential
|
|
return value : true only when the password matches a structurally valid, bounded encoding
|
|
|
|
:content
|
|
Derives the candidate with the parameters embedded in `encoded` and compares the result in constant time. Malformed encodings and parameters above UCE's accepted memory/work policy are rejected before derivation. Apply application-level password length limits and rate limiting around public authentication endpoints.
|
|
|
|
:example
|
|
String encoded = password_hash("correct horse battery staple");
|
|
print(password_verify("correct horse battery staple", encoded) ? "valid" : "invalid", " / ");
|
|
print(password_verify("wrong password", encoded) ? "valid" : "invalid", "\n");
|
|
|
|
:see
|
|
>sys
|
|
password_hash
|
|
password_needs_rehash
|