use scrypt instead of PBKDF2
Using scrypt will provide more secure key stretching and brute force cracking resistance for our users.
Scrypt is more suited to our environment where the disparity between runtime execution performance (dinky mobile hardware) compared to the cracking hardware of the adversary (desktop computers, or super computers) is large.
We need to choose and include a scrypt library as well as determine optimal cost parameters (the equivalent of PBKDF's iteration count). Finally, a migration route will need to be coded.