Structural problems in how PBKDF2 was originally described mean almost all implementations give attackers an accidental advantage. This talk describes the problem and surveys several implementations.
Joseph, aka ctz, has 7 years of experience with Hardware Security Module firmware development and phone authentication solutions. He spends the rest of his time complaining about how awful computers and electronic security are.