The implementation iterates HMACSHA1, which is fine, of course, but which raised concerns on at least one audit I went through because, well, why would anybody want to use SHA1 when SHA2 exists?

Wound up having to implement my own version of PBKDF2 that lets you specify the HMAC algorithm.