SCryptVerify()
Verifies a password against an SCrypt hash. Use this instead of the deprecated VerifySCryptHash().
Requires Extension: Crypto Extension
SCryptVerify( input=string, hash=string, throwOnError=boolean );
Returns: Boolean
| Argument | Description | Default |
|---|---|---|
|
input
string,
required
|
edit
Password to verify |
|
|
hash
string,
required
|
edit
SCrypt hash to check against |
|
|
throwOnError
boolean,
optional
|
edit
If true, throws an exception on invalid hash format instead of returning false |
false |
Usage Notes
editThe cost parameters are encoded in the hash, so you don't need to specify them when verifying. Non-SCrypt hashes (e.g. a BCrypt hash) return false rather than throwing.
By default, invalid or malformed hashes return false. Pass throwOnError=true if you want an exception instead.
Replaces the deprecated VerifySCryptHash().
Examples
edit// Hash a password at registration time
hash = SCryptHash( "user-password" );
// Store 'hash' in your database
// At login, verify the password against the stored hash
isValid = SCryptVerify( "user-password", hash ); // true
isWrong = SCryptVerify( "wrong-password", hash ); // false
// Invalid or non-SCrypt hashes return false by default
result = SCryptVerify( "password", "not-a-valid-hash" ); // false
result = SCryptVerify( "password", "$2a$10$somebcrypthash" ); // false
// Pass throwOnError=true to get an exception on invalid hashes
try {
SCryptVerify( "password", "not-a-valid-hash", true );
} catch ( e ) {
// handle the error
}
See also
- Cryptography
- GenerateSCryptHash()
- SCryptHash()
- VerifySCryptHash()
- Search Issue Tracker open_in_new
- Search Lucee Test Cases open_in_new (good for further, detailed examples)