I saw that. I guess the problem is that for authentication I hope that the PBKDF2 hash is further hashed before sticking it in the DB to protect against DB compromises.