what is the difference between hashing and encryption??

raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Post by raghavan20 »

Anybody can clarify wot makes the distinction between hashing and encryption??
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

Ok man, typing "what" instead of "wot" isn't that big of a deal.

Hashing is one way. You take a string, like 'foo', you hash it, you get 'acbd18db4cc2f85cedef654fccc4a4d8', and you can't "decrypt" acbd18db4cc2f85cedef654fccc4a4d8 to get foo back again. Encryption is two ways, meaning that if you have the key, you can unencrypt an encrypted file/string/whatever.

Make sense?
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Post by raghavan20 »

Thanks for your comments mate.

I use SHA256 for my sites. But why is hashing preferred to encryption in this case?
What are the situations when hashing and encryption should be employed?
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

Encryption if you plan on needing to know what 3j00gthj80jh4t280jt4jh0jh2t4h80hg023 means at a later date ;) Hashing if you don't care what it means so long as someone (in most cases a login) can enter the right words to get that mess again.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Hashing and encryption are two very different things.

Hashing is a method of summarizing data. Encrypting is a method of obscuring data to make it unreadable without special knowledge (like of the key, the method to decrypt, etc).

The confusion for most people comes from the fact that a summary can seem to be fairly obscure. However, encrypting doesn't summarize, and hashing doesn't allow the process to be reversed.

raghavan20 wrote: What are the situations when hashing and encryption should be employed?
You should use hashing when you need to summarize data - like in password verification. You don't want to send the password itself, you just want to send the summary (the hash), and verify that.

You should use encryption when you need to hide the data from an attacker - like when sending a coded message across enemy lines.
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Post by raghavan20 »

Thanks for your explanatory answer Roja, but what do you mean by summarizing???
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

raghavan20 wrote: thanks for your explanatory answer Roja, but what do you mean by summarizing???
Hashing converts in one direction. You can't reverse a hash. You can reverse encryption (decryption).

By summarizing he means that you take a string (be it an ASCII one or a binary one) and create some fixed-length string (hash) from it. If you did that same process 100 times on the same string you'd always get the same hash. But there's no way back. You can however compare that hash against another hash of, say for example, a password. You didn't check one password against the other though, you checked the hash of the stored password (summary if you like) against the hash of the given password.

If you had encrypted that password you would have some sort of "key" - or algorithm - to reverse the encryption and thus get the unaltered password back again.

In brief, don't use encryption for storing passwords, use a hash. Use encryption (as Roja states) for obscuring data that you will need in its exact form again at some point.
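
The distinction discussed in this thread, as an added PHP example that is not part of any poster's reply: a hash is a fixed-length, repeatable, one-way summary checked by comparing hashes, while encryption gives the exact data back to whoever holds the key. It goes slightly beyond the thread by also showing PHP's built-in `password_hash()`; the sample strings and key are constructed, the helper names `verify_by_hash`, `encrypt_msg` and `decrypt_msg` are hypothetical, and the OpenSSL extension is assumed.

```php
<?php
// Added illustration; sample strings and key are constructed, helper names are hypothetical.

// 1. Hashing: a fixed-length, repeatable summary with no key and no way back.
var_dump(md5('foo') === 'acbd18db4cc2f85cedef654fccc4a4d8'); // compare with the digest quoted in the thread
var_dump(strlen(hash('sha256', 'foo')));                      // digest length for a 3-byte input
var_dump(strlen(hash('sha256', str_repeat('x', 1000000))));   // same length for 1 MB of input

// 2. Login check as described above: compare hash with hash, never keep the plaintext.
function verify_by_hash(string $given, string $storedHash): bool
{
    // hash_equals() compares in constant time, so timing does not leak a partial match.
    return hash_equals($storedHash, hash('sha256', $given));
}
$stored = hash('sha256', 'correct horse');
var_dump(verify_by_hash('correct horse', $stored)); // matching password
var_dump(verify_by_hash('wrong guess', $stored));   // non-matching password

// PHP's purpose-built password hash adds a random salt and a work factor, so two
// hashes of one password differ and the check goes through password_verify().
$pw = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($pw === password_hash('correct horse', PASSWORD_DEFAULT)); // different salts
var_dump(password_verify('correct horse', $pw));

// 3. Encryption: reversible, but only with the key (AES-256-GCM via OpenSSL).
function encrypt_msg(string $plain, string $key): string
{
    $iv = random_bytes(12); // fresh nonce for every message
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $iv . $tag . $ct; // layout: 12-byte IV, 16-byte tag, ciphertext
}
function decrypt_msg(string $blob, string $key)
{
    $iv  = substr($blob, 0, 12);
    $tag = substr($blob, 12, 16);
    // Returns false when the key is wrong or the data was modified.
    return openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
}
$key  = random_bytes(32);
$blob = encrypt_msg('meet at dawn', $key);
var_dump(decrypt_msg($blob, $key));             // right key: original message recovered
var_dump(decrypt_msg($blob, random_bytes(32))); // wrong key: authentication fails
```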
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

raghavan20 wrote: thanks for your explanatory answer Roja, but what do you mean by summarizing???
If I told you to read "War and Peace" by Tolstoy, in a sense, that is a summary. You know what the actual message is (The contents of the well-known book), but you didn't have to receive that entire book from me. A summary is a smaller form that identifies the full contents - without transmitting them all.

What is important about hashes is that they are repeatable and unique. For example, if I said "Watch that show on TV", it could mean hundreds of different shows, at different times, on different channels. That's neither unique, nor repeatable.

Hashes give a unique, repeatable summary of large quantities of information. (It should be mentioned that a hash, while summarizing the input, isn't always smaller than the input.)