var crypto = require("crypto");

// user submitted form with email + pwd
var pwd = req.params.pwd;

// fetch result from DB ...

// retrieve hash from DB and compare to pwd
var result = <RESULT>;

var meta = fromStore.split(":");
var salt = new Buffer(meta[1], "base64");
var hash = meta[0];

// encrypt+salt password
var encrypted = crypto.pbkdf2(pwd, salt, 10000, 64, function(err, key) {
  if (err) {
    return reject(err);
  }
  key.toString("base64"));
});

// check if passwords match
if (hash !== encrypted) {
  throw new Error("credentials unknown");
}

// user is logged in ...