Awesome, we saw that here - https://github.com/Brewskey/spark-protocol/blob/dev/src/lib/Handshake.js#L332-L345
I don't have much (any) experience working with crypto and we just wanted to make sure that there wasn't any real danger in the Local Cloud code. We've updated the user password hasher to use a different algorithm.