public static function decryptAndVerify(string $password, string $ciphertext, Key $aesKey) : bool
{
if (!\is_string($password)) {
throw new \InvalidArgumentException('Password must be a string.');
}
if (!\is_string($ciphertext)) {
throw new \InvalidArgumentException('Ciphertext must be a string.');
}
$hash = Crypto::decrypt($ciphertext, $aesKey);
return \password_verify(Base64::encode(\hash('sha384', $password, true)), $hash);
}