Pbkdf2.no_user_verify

You're seeing just the function no_user_verify, go back to Pbkdf2 module for more information.
Link to this function

no_user_verify(opts \\ [])

View Source

Runs the password hash function, but always returns false.

This function is intended to make it more difficult for any potential attacker to find valid usernames by using timing attacks. This function is only useful if it is used as part of a policy of hiding usernames.

Options

This function should be called with the same options as those used by hash_pwd_salt/2.

Hiding usernames

In addition to keeping passwords secret, hiding the precise username can help make online attacks more difficult. An attacker would then have to guess a username / password combination, rather than just a password, to gain access.

This does not mean that the username should be kept completely secret. Adding a short numerical suffix to a user's name, for example, would be sufficient to increase the attacker's work considerably.

If you are implementing a policy of hiding usernames, it is important to make sure that the username is not revealed by any other part of your application.