# SCryptVerify()

Verifies a password against an SCrypt hash. Use this instead of the deprecated VerifySCryptHash().

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
SCryptVerify( input=string, hash=string, throwOnError=boolean );
```

**Returns:** boolean

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| input | string | Yes | Password to verify |  |
| hash | string | Yes | SCrypt hash to check against |  |
| throwOnError | boolean | No | If true, throws an exception on invalid hash format instead of returning false | false |

# Usage Notes

The cost parameters are encoded in the hash, so you don't need to specify them when verifying. Non-SCrypt hashes (e.g. a BCrypt hash) return `false` rather than throwing.

By default, invalid or malformed hashes return `false`. Pass `throwOnError=true` if you want an exception instead.

Replaces the deprecated [VerifySCryptHash()](verifyscrypthash.md).

# Examples

```cfml
// Hash a password at registration time
hash = SCryptHash( "user-password" );
// Store 'hash' in your database

// At login, verify the password against the stored hash
isValid = SCryptVerify( "user-password", hash ); // true
isWrong = SCryptVerify( "wrong-password", hash ); // false

// Invalid or non-SCrypt hashes return false by default
result = SCryptVerify( "password", "not-a-valid-hash" ); // false
result = SCryptVerify( "password", "$2a$10$somebcrypthash" ); // false

// Pass throwOnError=true to get an exception on invalid hashes
try {
	SCryptVerify( "password", "not-a-valid-hash", true );
} catch ( e ) {
	// handle the error
}
```







# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[GenerateSCryptHash()](generatescrypthash.md), [SCryptHash()](scrypthash.md), [VerifySCryptHash()](verifyscrypthash.md)