I could have sworn it used PBKDF2-SHA256 and Salsa20/8 internally, which is what I meant by "based on".

It also uses xor internally, but I wouldn't say that scrypt is based on xor. scrypt does not use PBKDF2 for any PBKDF properties; it's just a convenient arbitrary-length-output hash function. I would have used a sponge if they had been widely available when I created scrypt.

Okay, thanks for the clarification.