verify static method
Verify a password against a bcrypt hash
password - The plain text password to verify
hashedPassword - The bcrypt hash to verify against
Returns true if the password matches the hash, false otherwise
Uses constant-time comparison internally to prevent timing attacks
Implementation
static bool verify(String password, String hashedPassword) {
if (password.isEmpty || hashedPassword.isEmpty) {
return false;
}
try {
return BCrypt.checkpw(password, hashedPassword);
} catch (e) {
// Invalid hash format or other bcrypt error
return false;
}
}