Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

$cur = 'plaintext'$cur  = md5($cur)$salt = randbytes(20)
$cur = hmac_sha1($cur, $salt)$cur  = cryptoservice::hmac($cur) [= hmac_sha256($cur, $secret)]$cur  = scrypt($cur,$salt)
$cur = hmac_sha256($cur, \$salt)

the explanation is here

tl;dr: the md5 is here for legacy purpose, cryptoservice::hmac is to add a secret salt, scrypt (which is a kdf not a hash) is for slowing brute force attempts and the sha256 is here for shortening the output.