what is the difference between hashing and encryption??
Moderator: General Moderators
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
what is the difference between hashing and encryption??
Anybody can clarify wot makes the distinction between hashing and encryption??
Ok man, typing "what" instead of "wot" isn't that big of a deal.
Hashing is one way. You take a string, like 'foo', you hash it, you get 'acbd18db4cc2f85cedef654fccc4a4d8', and you can't "decrypt" acbd18db4cc2f85cedef654fccc4a4d8 to get foo back again. Encryption is two ways, meaning that if you have the key, you can unencrypt an encrypted file/string/whatever.
Make sense?
Hashing is one way. You take a string, like 'foo', you hash it, you get 'acbd18db4cc2f85cedef654fccc4a4d8', and you can't "decrypt" acbd18db4cc2f85cedef654fccc4a4d8 to get foo back again. Encryption is two ways, meaning that if you have the key, you can unencrypt an encrypted file/string/whatever.
Make sense?
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
-
Charles256
- DevNet Resident
- Posts: 1375
- Joined: Fri Sep 16, 2005 9:06 pm
Hashing and encryption are two very different things.
Hashing is a method of summarizing data. Encrypting is a method of obscuring data to make it unreadable without special knowledge (like of the key, the method to decrypt, etc).
The confusion for most people comes that a summary can seem to be fairly obscure. However, encrypting doesn't summarize, and hashing doesn't allow the process to be reversed.
You should use encryption when you need to hide the data from an attacker - like when sending a coded message across enemy lines.
Hashing is a method of summarizing data. Encrypting is a method of obscuring data to make it unreadable without special knowledge (like of the key, the method to decrypt, etc).
The confusion for most people comes that a summary can seem to be fairly obscure. However, encrypting doesn't summarize, and hashing doesn't allow the process to be reversed.
You should use hashing when you need to summarize data - like in password verification. You don't want to send the password itself, you just want to send the summary (the hash), and verify that.raghavan20 wrote:What are the situations when hashing and encryption should be employed?
You should use encryption when you need to hide the data from an attacker - like when sending a coded message across enemy lines.
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Hashing converts in one direction. You can't reverse a hash. You can reverse encryption (decryption).raghavan20 wrote:thanks for your explanatory answer Roja, but what do you mean by summarizing???
By summarizing he means that you take a string (be it an ascii one or a binary one) and create some fixed length string (hash) from it. If you did that same process 100 times on the same string you'd always get the same hash. But there's no way back. You can however compare that hash against another hash of, say for example, a password. You didn't check one password against the other though, you checked the hash of the stored password (summary if you like) against the hash of the given password.
If you had encrypted that password you would have some sort of "key" - or algorithm - to reverse the encryption and thus get th unaltered password back again.
In brief, don't use encryption for storing passwords, use a hash. Use encryption (as Roja states) for obscuring data that you will need in it's exact form again at some point.
If I told you to read "War and Peace" by Tolstoy, in a sense, that is a summary. You know what the actual message is (The contents of the well-known book), but you didn't have to receive that entire book from me. A summary is a smaller form that identifies the full contents - without transmitting them all.raghavan20 wrote:thanks for your explanatory answer Roja, but what do you mean by summarizing???
What is important about hashes is that they are repeatable and unique. For example, if I said "Watch that show on TV", it could mean hundreds of different shows, at different times, on different channels. Thats neither unique, nor repeatable.
Hashes give a unique, repeatable summary of large quantities of information. (It should be mentioned that a hash - while summarizing the input, isn't always smaller than the input).