After T150647 and T216682 I noticed, while the changes itself are working, that MediaWiki generates and stores a new salt and a new hash during every login, even if the password is already stored in the correct format.
After some debugging with ReflectionClass I noticed that ->needsUpdate returns true due to a strict comparison failing.
> $params->getValue( $password ); = [ "cipher" => "aes-256-cbc", "secret" => "0", ] > $default->invoke( $password ) = [ "cipher" => "aes-256-cbc", "secret" => 0, ] > $default->invoke( $password ) == $params->getValue( $password ) = true > $default->invoke( $password ) === $params->getValue( $password ) = false >
EncryptedPassword stores its default config as an integer while the read one is always a string.