public static function decryptAndVerifyLegacy(string $password, string $ciphertext, string $aesKey) : bool
{
if (!\is_string($password)) {
throw new \InvalidArgumentException('Password must be a string.');
}
if (Binary::safeStrlen($aesKey) !== 16) {
throw new \Exception("Encryption keys must be 16 bytes long");
}
$hash = Crypto::legacyDecrypt($ciphertext, $aesKey);
return \password_verify(Base64::encode(\hash('sha256', $password, true)), $hash);
}