You mean to say that the outdated requirements of FIPS-140-2 aren't the best practices for designing a crypto system? That the lack of TMTO attack resistance in PBKDF2 makes it a sub-optimal choice for storing passwords? Surely not! NIST would never recommend anything but the strongest cryptography!