I am trying to compare a user entered password field to a password that has been encrypted. I have looked at the documentation and have not been able to find what I have been looking for. I encrypt the password using
import bcrypt

pw_bytes = password.encode('utf-8')          # bcrypt works on bytes, not str
hashed = bcrypt.hashpw(pw_bytes, bcrypt.gensalt())  # hashpw returns the salted hash
You need to save the results of bcrypt.gensalt() with the encrypted password and pass it again to bcrypt() when you hash the later password attempt.
The point of the salt is to make your hashes unique per user - said another way, if two users use the same password the hashes should ideally be different.
This salt is to protect your passwords should all the hashes be compromised.
Someone could run a hash against every word in a dictionary and then look through your hashes for matches. These lookup tables are called rainbow tables.
If done properly, each password has a unique salt. The rainbow table would then need to have an entry for every word in the dictionary combined with every possible salt combination. This multiplies the required size of an already large table.
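The following is an added worked example, not code from the question or the answer above. It demonstrates the salt-per-user argument end to end: store the salt next to the hash, re-derive with that salt to verify a later attempt, and show that a precomputed lookup table built over a wordlist finds an unsalted hash but is useless against the salted ones. It uses the standard library's PBKDF2 (hashlib.pbkdf2_hmac) rather than the bcrypt package so it runs with no extra dependencies; the user records and the wordlist are constructed sample data. One practical note for the bcrypt package itself: bcrypt.hashpw embeds the salt in the string it returns, so the stored hash can be passed back as the salt argument (bcrypt.hashpw(attempt, stored_hash)) or checked with bcrypt.checkpw(attempt, stored_hash), without keeping a separate copy of gensalt()'s output.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256; kept modest so the example runs quickly.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated when none is supplied.

    The salt is not secret; it must simply be unique per user and stored with the digest
    so that the same derivation can be repeated when the user logs in again.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(attempt, salt, stored_digest):
    """Re-derive with the stored salt and compare in constant time."""
    _, digest = hash_password(attempt, salt)
    return hmac.compare_digest(digest, stored_digest)


# --- The attacker's side: a precomputed table over a wordlist ------------------

# Constructed wordlist standing in for a dictionary of common passwords.
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "123456"]


def unsalted_hash(password):
    """Hash with a fixed (empty) salt: what an unsalted scheme effectively does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), b"", ITERATIONS)


def build_lookup_table(words):
    """Precompute digest -> word for every word, once, reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}


def crack_with_table(table, digest):
    """Return the recovered password, or None if the digest is not in the table."""
    return table.get(digest)


def demo():
    """Two users share a password; show the salted hashes differ and resist the table."""
    # Constructed user records: (salt, digest) stored per user.
    users = {
        "alice": hash_password("hunter2"),
        "bob": hash_password("hunter2"),
    }
    table = build_lookup_table(WORDLIST)

    salt_a, digest_a = users["alice"]
    salt_b, digest_b = users["bob"]

    return {
        # Same password, different salts -> different stored digests.
        "same_password_different_hashes": digest_a != digest_b,
        # Login check re-derives with the stored salt.
        "alice_correct_attempt": verify_password("hunter2", salt_a, digest_a),
        "alice_wrong_attempt": verify_password("hunter3", salt_a, digest_a),
        # One table cracks every unsalted copy of "hunter2" ...
        "table_cracks_unsalted": crack_with_table(table, unsalted_hash("hunter2")),
        # ... but finds neither salted digest; it would need an entry per word per salt.
        "table_cracks_alice": crack_with_table(table, digest_a),
        "table_cracks_bob": crack_with_table(table, digest_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With 16 random salt bytes the attacker's table would have to be multiplied by 2**128 to cover every salt, which is the "multiplies the required size" point in concrete terms; in practice they are forced back to attacking one user's hash at a time at the full cost of the work factor.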