[merb]

well on java it's at least:

    PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(StandardCharsets.UTF_8), iterations, digestSize)
    SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
    byte[] hash = skf.generateSecret(spec).getEncoded()

ant then using MessageDigest.isEqual (on newer jvm, older ones had a bug up to 6 45 or so) to compare the passwords.

well the biggest problem is probably generating a truly random salt with SecureRandom, which will slow down your program if used incorrect.