Hazem Allbabidi

July 30, 2023 | 7 min read


Hashing vs Encryption

When working in any sector in IT, such as software development, it is essential to know what hashing and encryption are, their purposes, and the differences between them.

In this article, I will briefly go through each of them, explaining the differences between them, and showing how they can be utilized in a real world scenario.

Introduction

When developing an application, accessing a server, or even verifying if the downloaded file is the correct one, we use various types of data that have either been hashed or encrypted.

Hashing

In brief, hashing is the act of changing a value to an incomprehensible one that cannot be reversed back to the original value. There are various use cases for hashing. One very famous use case is verifying downloaded files.

If you go to a website and attempt to download a file the website provides, you might see some text that includes random characters, such as:

d41d8cd98f00b204e9800998ecf8427e

The above value was produced by hashing a file with specific content.

After downloading a file from somewhere, you might need to make sure you have the same file you need and not something malicious. To do that, you create a hash of the downloaded file using the specific algorithm mentioned on the website, then you compare the value you got with the value mentioned on the website. If the hashes are the same, it means that the file and its content are the same as well. Even one tiny change in the file, such as a change in a single character, will end up generating a completely different hash. But as long as the file is the same, and you are using a specific algorithm, the hash will always end up being the same.
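
The verification procedure above as a Node.js sketch (an added example, not code from the original article). The file names and contents are constructed samples, and the last field reproduces the digest shown earlier, which is the MD5 of zero bytes of input.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hash a file in 64 KiB chunks so a large download never sits fully in memory.
function hashFile(filePath, algorithm = 'sha256') {
  const hash = crypto.createHash(algorithm);
  const fd = fs.openSync(filePath, 'r');
  const chunk = Buffer.alloc(64 * 1024);
  try {
    let bytesRead;
    while ((bytesRead = fs.readSync(fd, chunk, 0, chunk.length, null)) > 0) {
      hash.update(chunk.subarray(0, bytesRead));
    }
  } finally {
    fs.closeSync(fd);
  }
  return hash.digest('hex');
}

// Compare with the digest the website lists; tolerate upper case and stray whitespace.
function verifyDownload(filePath, publishedHex, algorithm = 'sha256') {
  return hashFile(filePath, algorithm) === publishedHex.trim().toLowerCase();
}

// Constructed sample files: a "release", a copy with one character changed, an empty file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'hashdemo-'));
  const good = path.join(dir, 'release.txt');
  const changed = path.join(dir, 'changed.txt');
  const empty = path.join(dir, 'empty.bin');
  fs.writeFileSync(good, 'installer v1.0\n');
  fs.writeFileSync(changed, 'installer v1.1\n');
  fs.writeFileSync(empty, '');
  const published = hashFile(good); // stands in for the value listed on the website
  const result = {
    goodMatches: verifyDownload(good, published.toUpperCase() + '\n'),
    changedMatches: verifyDownload(changed, published),
    emptyMd5: hashFile(empty, 'md5'), // MD5 of zero bytes
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log(demo());
```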

Another major use case of hashes is password verification. When signing up to a website or application, the password needs to be stored in the database in order for you to be able to sign in again with the same password. But if the password is saved in plain text, any access to the database from an outsider (i.e. a hacker) will allow them to have access to all the passwords of the users. Therefore, before we save a password, we first hash it, then save the hashed value. Then, when a user signs in again with their password, the value they entered through the sign in form will be hashed using the same algorithm and compared to the one saved in the database. If the values match perfectly, it means that they entered the correct password.

One of the great things about hashes is that they cannot be “dehashed”, meaning they cannot be reversed in order to get the original value. This allows for much better security when it comes to use cases such as storing passwords.

Another great thing about hashes is that the hash value that was generated from a specific value, using a specific algorithm, will never change. For example, say I have a value hazem and I hash the value using the MD5 algorithm, it will always result in the same exact value. This is useful in all hashing use cases, such as the ones we talked about previously.

Lastly, to clarify a point that was mentioned above: there are various hashing functions or algorithms. Among the most famous ones are the SHA family algorithms. The most famous of them are SHA-1, SHA-256, and SHA-512. There is also the MD5 hashing algorithm. The main difference between each algorithm is how long it takes to hash a value and how long it might take to crack it. For example, say we have two algorithms, H1 and H10. The first algorithm might run the hashing functionality on the value only once, while the second algorithm would run the functionality 10 times. Running the function more than once will make the hash more secure and much more difficult to crack.
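
The password flow and the "run the function more than once" idea, as an added Node.js example (not code from the original article). It goes beyond the text in two labelled ways: it uses PBKDF2 as the repeated-hashing construction and adds a random per-user salt, so two users with the same password get different stored values; the record format and the iteration count are assumptions made for this example.

```javascript
const crypto = require('crypto');

const ITERATIONS = 200000; // assumed work factor for this example; tune it for your hardware

// Build the string that would be saved in the users table: scheme$iterations$salt$hash.
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(16); // unique per user, stored next to the hash
  const derived = crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  return ['pbkdf2-sha256', iterations, salt.toString('hex'), derived.toString('hex')].join('$');
}

// Re-derive with the stored salt and iteration count, then compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, iterText, saltHex, hashHex] = stored.split('$');
  const iterations = Number(iterText);
  if (scheme !== 'pbkdf2-sha256' || !hashHex || !Number.isInteger(iterations) || iterations < 1) {
    return false; // unknown or malformed record
  }
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.pbkdf2Sync(
    password, Buffer.from(saltHex, 'hex'), iterations, expected.length, 'sha256');
  return crypto.timingSafeEqual(actual, expected);
}

// Time one derivation in milliseconds: every extra iteration is extra work per guess.
function timeDerivation(iterations) {
  const start = process.hrtime.bigint();
  crypto.pbkdf2Sync('hazem', Buffer.alloc(16), iterations, 32, 'sha256');
  return Number(process.hrtime.bigint() - start) / 1e6;
}

const record = hashPassword('hazem');
console.log(record.split('$').slice(0, 2).join('$'), verifyPassword('hazem', record));
console.log('1 iteration (ms):', timeDerivation(1), '200000 (ms):', timeDerivation(200000));
```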

Encrypting

Encryption is also the act of changing a value to an incomprehensible one, but in an encrypted value, there would be a way to reverse the encryption and get back the original value.

There are lots of use cases for encrypting that are separate from hashing. One of the most common examples, which you might be using on a daily basis, is authentication on a website. When you sign in to a website, your browser might be given some encrypted value that might contain your user ID, the created_at timestamp, the expiry date of that value, and whatever else is needed. This value is sent to the backend with every request you make.

For example, if you are authenticated on a website, and you try to perform an action, the encrypted authentication value will be sent to the backend along with the request. The backend will first ensure you are actually authenticated using the encrypted value, and will check which user is doing the action, if the user actually exists, and if the user has the permission to do such an action. The encrypted value might not be understood by you or the browser, but once it is sent to the backend, the value will be decrypted to get the original information.

There are two main categories of encryption, Symmetric Encryption and Asymmetric Encryption.

Symmetric Encryption

Symmetric Encryption is a type of encryption where you have a single key that encrypts and decrypts a value. For example, say you attempt to encrypt a value using the key XYZ. If you wish to decrypt that value, you need the same XYZ key. In some situations, you can consider the example given previously as a type of Symmetric Encryption, since you are using a single key to both encrypt and decrypt a value.
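
The authentication value described earlier, treated as symmetric encryption with a single backend key, as an added Node.js example (not code from the original article). The choice of AES-256-GCM, the token layout and the expires_at field name are assumptions for this example; the key is generated in place only so that the example runs on its own.

```javascript
const crypto = require('crypto');

// Single secret key held by the backend (constructed here; normally loaded from a secret store).
const KEY = crypto.randomBytes(32);

// Encrypt the session fields into an opaque token: iv | auth tag | ciphertext, base64url.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const payload = JSON.stringify({
    user_id: userId,
    created_at: now,
    expires_at: now + ttlSeconds * 1000,
  });
  const iv = crypto.randomBytes(12); // must be different for every token under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ciphertext = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString('base64url');
}

// Decrypt with the same key; returns the payload, or null if modified, malformed or expired.
function readToken(token, now = Date.now()) {
  try {
    const raw = Buffer.from(token, 'base64url');
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const payload = JSON.parse(plain.toString('utf8'));
    return payload.expires_at > now ? payload : null;
  } catch (err) {
    return null; // wrong key, changed bytes, or truncated token
  }
}

// Flip one bit of a token to stand in for a value changed on the client or in transit.
function flipBit(token) {
  const raw = Buffer.from(token, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}

const token = issueToken(42, 3600);
console.log(token);                      // opaque to the browser
console.log(readToken(token));           // original fields on the backend
console.log(readToken(flipBit(token)));  // null
```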

Asymmetric Encryption

Asymmetric Encryption is a type of encryption where you have two different keys, a private key and a public key. Both of them can encrypt and/or decrypt. But, if you encrypt a value using your public key, it can only be decrypted using your private key, and not your public key.

One major example that you also might be using on a daily basis is SSL Certificates on websites. If you see a lock logo beside the URL of a website you are trying to visit, that means that it is a secure website. The reason for this is that, when you open the website, it sends you all the HTML, CSS, and JavaScript needed, as well as a public key. Then, in any subsequent requests, this public key encrypts the data you send (e.g. your sign in credentials) and is then sent on the network. Then, inside the server where the website is served, the value is decrypted by the private key of the SSL Certificate.

To make it clearer: the private key is a key that is only supposed to be available to the owner, while the public key can be shared with anyone. If someone wants to send you a value securely, they might take your public key, encrypt the value, then send it to you. That way, assuming you are the only one with access to the private key, you would be the only one that can decrypt the value and get the original one.
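
The public/private key exchange just described, as an added Node.js example (not code from the original article). RSA with OAEP padding and the 2048-bit key size are assumptions chosen for this example, and both key pairs are generated in place as constructed samples.

```javascript
const crypto = require('crypto');

// Each party generates a pair, keeps privateKey to itself and hands out publicKey.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Anyone holding the recipient's public key can produce a ciphertext for them.
function encryptFor(recipientPublicKey, message) {
  return crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(message, 'utf8'));
}

// Only the matching private key recovers the message; any other key yields null.
function decryptWith(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const recipient = newKeyPair();
  const other = newKeyPair(); // an unrelated key pair
  const ciphertext = encryptFor(recipient.publicKey, 'sign-in credentials');
  return {
    byOwner: decryptWith(recipient.privateKey, ciphertext),
    byOtherKey: decryptWith(other.privateKey, ciphertext),
    // The public half in the PEM form that is safe to share with anyone.
    shareablePem: recipient.publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

console.log(demo());
```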

Main Differences

Each of these two types has its own use cases. Hashing is used for verifying downloaded files, password verification, and even in the Blockchain technology as a way to verify new transactions. Encryption is used for authentication, securely sharing information, and much more.

In some cases, you might use hashing, and in others, you might use encrypting. Each one has its benefits. While they might have similarities, they are two different concepts in general.

Conclusion

Now you should know the difference between hashing and encrypting, and know when to use each one.

I hope this article benefitted you in some way to understand the use case of each of these two separate methods.

Thank you for reading and have a great day.

