Encryption vs Hashing

For centuries cryptography has been used to stop unauthorised humans from reading each others communications. From simply swapping out letters, to more advanced machines such as the Enigma machine, which was used heavily during World War II.

With the introduction of computers, encryption has been taken to a whole new level. Even Android and iOS devices have encryption turned on by default so that if your phone fell into the wrong hands, they can’t retrieve anything from it.

There is a misconception around encryption however, in that not all forms of data storage or transference rely solely on encryption. This is where Hashing comes in.

On a fundamental level, Encryption is used to convert text into an unreadable text and then convert it back to its original text. Hashing can only be converted to unreadable text, it can’t be returned back into readable text. Both of these techniques have majorly different purposes while also being equally needed.

What is Encryption?

Encryption is taking readable text and converting them to unreadable text with the intention of later turning it back into readable text. There’s two methods for doing this. The first is symmetrical key encryption, which is typically what most people think of in regards to encryption. It can be compared to using a key in a padlock. The same key can be used to lock and unlock the padlock.

The second method is pubic key encryption, which is actually the most used form of encryption. Public key encryption relies on a public key and a private key to encrypt and decrypt the text. The public key is made available to everyone and can be used to encrypt the text, but only the private key can decrypt it. The reason it’s the most widely used is because most websites rely on it to make sure that your communication between your web browser and the server is secure. That little padlock in the address bar:

This means that the websites communication is encrypted and underneath, it’s using public key encryption.

Since the text that was encrypted can be converted back into text, encrypted text will always have a variable length depending on the original texts size.

What is Hashing?

Hashing is taking readable text and converting it to unreadable, fixed-length text, but it is practically impossible to convert back into readable text. Hashed text however can be compared to see if any given text equals the hashed valued.

Hashing algorithms, such as MD5 will always produce the same hash value for a given text value. As an example, the text “I am Text.” will always equal the MD5 hash value “8c120839f2b7f2665f6505845ed81f78”. This is by design, however if used for passwords it is insecure. For password hashing, you will need to add known text to the input to make the MD5 hash more unique. This text is known as a “Salt”.

More secure hashing algorithms such as Bcrypt do not have predictable hashes because they have “Salt” built into it, but the algorithm does allow you to see if a readable text equals the hashed value.

What situations would you use Encryption or Hashing?

The general rule is if you don’t need to know what the original text was, then use hashing as it’s more secure, since it’s designed not to reveal the original text.

The most practical example of using hashes is passwords. When you sign up for an online account and it asks you for a password, there is no reason for the password stored on the server to be readable again. Once the hashed password is stored on the online server, all the server needs to know is if the password you entered on the login page is the same as the hashed version stored on the server. This check is possible with hashes, but it’s done in such a way that you don’t need to send the readable password to the server.

Hashing can also be used in situations that have nothing to do with security and is often used for verification. As an example, a lot of websites that have downloadable content include a MD5 or SHA hash value. Once you have downloaded your content, you can run the entire file through a file hasher and compare the hashed values. If the values are not the same, you know that the file has be tampered with in transit or that the file transmitted incorrectly.

Encryption will need to be used in situations such as communication as it’s essential that the encrypted text is converted back to its original readable state.

You can also use Encryption and Hashing together. As an example, you can encrypt your message and also hash it, and send both the encrypted text and hashed value. Once the receiver has decrypted your message, they can run it through the hash generator and verify the message.

In summary, while both Encryption and Hashing do have their differences and purposes, they are often used together. When used correctly they both make communications and data storage safer, and also more reliable.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Casey Gibson

I’m a full stack developer in HTML/CSS, JavaScript, PHP, Java, NoSQL, SQL with extensive knowledge in MongoDB, NodeJS, AWS Lambda and DynamoDB.