
Does FusionAuth use a random salt for each password in Salted PBKDF2 HMAC SHA-256?


I am trying to find out whether FusionAuth uses a random salt for the hashing algorithm in Salted PBKDF2 HMAC SHA-256.


Solution

  • A new salt is generated when the user is initially created, and each time the password is changed.

    The salt is 32 bytes in length. The one exception to this is bcrypt, which uses a 16-byte salt.

    The only time the salt can be provided by the end user is on the Import API.
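
The per-password salting described in the answer, as an added Python example that is not FusionAuth's code and not part of the original answer: a fresh 32-byte salt on every create or password change, plus a check for salt reuse in records that arrive with caller-supplied salts. The iteration count, the `Credential` record and the `shared_salt_groups` helper are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

SALT_BYTES = 32        # salt length stated in the answer above
ITERATIONS = 600_000   # assumed work factor, not taken from FusionAuth


@dataclass
class Credential:      # hypothetical stored record: salt, cost and hash
    salt: bytes
    iterations: int
    digest: bytes


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2 with HMAC-SHA-256; output is 32 bytes by default."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def set_password(password: str, iterations: int = ITERATIONS) -> Credential:
    """Run on user creation and on every password change: always a new salt."""
    salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, never reused or derived
    return Credential(salt, iterations, derive(password, salt, iterations))


def verify(password: str, cred: Credential) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive(password, cred.salt, cred.iterations)
    return hmac.compare_digest(candidate, cred.digest)


def shared_salt_groups(creds: dict[str, Credential]) -> list[list[str]]:
    """Audit check: users whose records share a salt (expected: none).
    Useful on imported records, where the salt was supplied by the caller."""
    by_salt: dict[bytes, list[str]] = {}
    for user, cred in creds.items():
        by_salt.setdefault(cred.salt, []).append(user)
    return [sorted(users) for users in by_salt.values() if len(users) > 1]
```

Because the salt differs per record, two users with the same password get different stored hashes, and a password change invalidates any table precomputed against the old salt.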