Re-using TYPO3 CMS (salted MD5) passwords in Flow

Settings.yaml

TYPO3:
  Flow:
    security:
      cryptography:
        hashingStrategies:
          typo3md5salted: Vendor\Package\Security\Cryptography\Typo3Md5SaltedHashingStrategy
          

Typo3Md5SaltedHashingStrategy

<?php
namespace Vendor\Package\Security\Cryptography;

use TYPO3\Flow\Annotations as Flow;
use TYPO3\Flow\Utility\Algorithms as UtilityAlgorithms;

/**
 * Compatibility for passwords generated by TYPO3 CMS with EXT:saltedpasswords (Method: MD5 salted) enabled
 */
class Typo3Md5SaltedHashingStrategy implements \TYPO3\Flow\Security\Cryptography\PasswordHashingStrategyInterface
{

    /**
     * @param string $password   The plaintext password to hash
     * @param string $staticSalt Optional static salt that will not be stored in the hashed password
     * @return string the result of the crypt() call
     */
    public function hashPassword($password, $staticSalt = null)
    {
        die('This strategy is only used for backwards compatibility. On resetting a password, a Flow strategy should be used.');
    }

    /**
     * @param string $password The cleartext password
     * @param string $hashedPasswordAndSalt The derived key and salt in as returned by crypt() for verification
     * @param null $staticSalt
     * @return boolean TRUE if the given password matches the hashed password
     */
    public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
    {
        return crypt($password, $hashedPasswordAndSalt) === $hashedPasswordAndSalt;
    }
}