I wonder why PBKDF2 instead of Bcrypt.
Just a recommendation I found while researching, but yes, there are quite a few alternatives (for example, some databases have this kind of functionality built in, e.g. pgcrypto). My main intent was to show that this kind of thing is necessary in general.
This kind of thing is deviously difficult to do simply, correctly, and cleanly.
Yes, I'm definitely feeling that - so many different guides and recommendations that it's hard to keep track of what's current, reasonable, etc.