In the coding world, hashing and encryption are two terms that are often used interchangeably when talking about the security of information. However, they are two different processes that are used in different places, and it is important to note their differences to understand where to use each.
This blog will be me looking at the differences between them and where you might want to use them.
What is Encryption?
An encryption algorithm is used to protect data from unauthorized access and mutation by transforming the input into something different. (a + key => fjdksay4r3hbt78)
There are 3 types of encryption: symmetric, asymmetric, and a hybrid of them.
-Symmetric encryption uses 1 shared key to encrypt and decrypt the input.
-Asymmetric encryption uses 1 public key to encrypt input and a different private key to decrypt output.
The Caesar Cipher is a good example of very simple encryption. As you can see, the 'A' (input) becomes a 'T' (output) based on the number of moves from the starting point (the key). Obviously this encryption is not secure and more methods have been developed since its creation, but this is the basic idea of encryption.
The better options for encryption would be AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), or TripleDES (Triple Data Encryption Standard). These encryption methods are stronger, as each input goes through many rounds of computation to ensure that no two inputs will have the same output. This also makes the output very difficult to decrypt, and computationally impossible without knowing the key, but if the key is known then any information can be decrypted easily if the type of encryption is also known.
What is Hashing?
A hashing function is used to protect data from unauthorized access by translating the input in a one-way transformation. (a => @D$e3)
The only way to get the information out of a hash is to know the key and to compute every other possibility, comparing each one to the original hash that is being cracked. This is very time-consuming, though, and thus usually considered impossible if a strong password and a good hash function are used.
One way to identify which hash function is being used is by its prefix and its consistent output format.
-MD5 uses the prefix: $1$.
-Blowfish uses the prefix: $2$ or $2a$.
-SHA-256 uses the prefix: $5$.
-SHA-512 uses the prefix: $6$.
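The prefixes above belong to the `$id$salt$hash` layout used by crypt-style password hashes, so a stored value can be checked for both its prefix and its expected output length. The following Python is an added example, not code from the original post: `identify` is a hypothetical helper, the digest lengths and the `2b`/`2y` bcrypt ids are supplied here rather than taken from the post, and the sample strings are constructed.

```python
import re

# Prefix id -> (scheme, digest length in characters). Ids 1, 2, 2a, 5 and 6 are
# the ones listed above; 2b and 2y are later bcrypt ids added for this example.
SCHEMES = {"1": ("md5-crypt", 22), "5": ("sha256-crypt", 43), "6": ("sha512-crypt", 86)}
SCHEMES.update({i: ("bcrypt", 31) for i in ("2", "2a", "2b", "2y")})
ALPHABET = re.compile(r"[./A-Za-z0-9]+")  # characters these formats use

def identify(stored):
    """Parse a '$id$...' password hash string; raise ValueError if malformed."""
    parts = stored.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] not in SCHEMES:
        raise ValueError("unrecognised hash prefix")
    (name, digest_len), fields, cost = SCHEMES[parts[1]], parts[2:], None
    if name == "bcrypt":
        # Layout: $2a$<two-digit cost>$<22-char salt><31-char digest>
        if len(fields) != 2 or not re.fullmatch(r"\d\d", fields[0]):
            raise ValueError("malformed bcrypt cost")
        cost, salt, digest = int(fields[0]), fields[1][:22], fields[1][22:]
    else:
        # Layout: $id$[rounds=N$]<salt>$<digest>; rounds only exists for $5$/$6$
        if parts[1] in ("5", "6") and re.fullmatch(r"rounds=\d+", fields[0]):
            cost, fields = int(fields[0][7:]), fields[1:]
        if len(fields) != 2:
            raise ValueError("expected exactly a salt and a digest")
        salt, digest = fields
    if len(digest) != digest_len or not ALPHABET.fullmatch(salt + digest):
        raise ValueError(f"{name}: wrong digest length or alphabet")
    # The post singles out MD5 as the weak choice, so flag it for migration.
    return {"scheme": name, "cost": cost, "salt": salt, "weak": name == "md5-crypt"}

# Constructed sample strings (correct shape, not real password hashes).
SAMPLES = [
    "$1$saltsalt$" + "a" * 22,
    "$2a$12$" + "b" * 53,
    "$5$saltsalt$" + "c" * 43,
    "$6$rounds=5000$saltsalt$" + "d" * 86,
    "$6$saltsalt$" + "d" * 40,  # truncated digest: rejected
]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            print(s[:20], identify(s))
        except ValueError as err:
            print(s[:20], "rejected:", err)
```

Run over a credential table, a check like this shows which accounts still carry an old scheme or a low cost value and need rehashing at next login.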
When to use Encryption Vs Hashing?
Because hashing is a one-way transformation, if the key is not known then it is next to impossible to get the input back out. If a weak hash is chosen, though, it is possible for 2 inputs to have the same output, thus causing lots of issues. (This is seen with the MD5 hash.)
Hashes are used a lot for passwords when signing up for an account, because the input password needs to be checked against the password on file to verify it.
Encryption is used when you want the information back out. This could be used on the database that holds the password or for HTTPS communications, to keep information secure if someone were to get a hold of the database or be watching internet traffic.
Top comments (1)
Thanks for this 👍. It will be very useful when I write about asymmetric cipher methods sometime in the future.