what is the difference between hashing and encryption??
Posted: Sat Oct 08, 2005 10:22 am
by raghavan20
Anybody can clarify wot makes the distinction between hashing and encryption??
Posted: Sat Oct 08, 2005 10:38 am
by Nathaniel
Ok man, typing "what" instead of "wot" isn't that big of a deal.
Hashing is one way. You take a string, like 'foo', you hash it, you get 'acbd18db4cc2f85cedef654fccc4a4d8', and you can't "decrypt" acbd18db4cc2f85cedef654fccc4a4d8 to get foo back again. Encryption is two ways, meaning that if you have the key, you can unencrypt an encrypted file/string/whatever.
Make sense?
Posted: Sat Oct 08, 2005 10:54 am
by raghavan20
Thanks for your comments mate.
I use SHA256 for my sites. But why is hashing preferred to encryption in this case?
What are the situations when hashing and encryption should be employed?
Posted: Sat Oct 08, 2005 11:01 am
by Charles256
Encryption if you plan on needing to know what 3j00gthj80jh4t280jt4jh0jh2t4h80hg023 means at a later date ;) Hashing if you don't care what it means so long as someone (in most cases a login) can enter the right words to get that mess again.
Posted: Sat Oct 08, 2005 12:29 pm
by Roja
Hashing and encryption are two very different things.
Hashing is a method of summarizing data. Encrypting is a method of obscuring data to make it unreadable without special knowledge (like of the key, the method to decrypt, etc).
The confusion for most people comes from the fact that a summary can seem to be fairly obscure. However, encrypting doesn't summarize, and hashing doesn't allow the process to be reversed.
raghavan20 wrote: What are the situations when hashing and encryption should be employed?
You should use hashing when you need to summarize data - like in password verification. You don't want to send the password itself, you just want to send the summary (the hash), and verify that.
You should use encryption when you need to hide the data from an attacker - like when sending a coded message across enemy lines.
Posted: Sun Oct 09, 2005 5:59 am
by raghavan20
thanks for your explanatory answer Roja, but what do you mean by summarizing???
Posted: Sun Oct 09, 2005 10:45 am
by Chris Corbyn
raghavan20 wrote: thanks for your explanatory answer Roja, but what do you mean by summarizing???
Hashing converts in one direction. You can't reverse a hash. You can reverse encryption (decryption).
By summarizing he means that you take a string (be it an ASCII one or a binary one) and create some fixed-length string (hash) from it. If you did that same process 100 times on the same string you'd always get the same hash. But there's no way back. You can however compare that hash against another hash of, say for example, a password. You didn't check one password against the other though, you checked the hash of the stored password (summary if you like) against the hash of the given password.
If you had encrypted that password you would have some sort of "key" - or algorithm - to reverse the encryption and thus get the unaltered password back again.
In brief, don't use encryption for storing passwords, use a hash. Use encryption (as Roja states) for obscuring data that you will need in its exact form again at some point.
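The contrast drawn in the posts above, as an added example that is not part of the thread and was not posted by any participant: a repeatable fixed-length digest, password verification by comparing hashes, and a reversible encryption step. It goes beyond the thread by using a salted PBKDF2 hash for the stored password instead of a bare hash; the XOR one-time pad is only a stand-in for a real cipher, and all function names, the iteration count and the sample inputs are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 200_000


def digest_hex(data: bytes) -> str:
    """Repeatable, fixed-length summary of the input (MD5, as in the 'foo' post)."""
    return hashlib.md5(data).hexdigest()


def store_password(password: str) -> tuple:
    """Return (salt, derived_hash). The password itself is never stored."""
    salt = os.urandom(16)  # a fresh salt makes equal passwords hash differently
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Hash the candidate with the stored salt and compare hash against hash."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(derived, stored)  # constant-time comparison


def xor_encrypt(plaintext: bytes) -> tuple:
    """Stand-in for encryption: one-time pad with a random key of equal length."""
    key = os.urandom(len(plaintext))
    return key, bytes(p ^ k for p, k in zip(plaintext, key))


def xor_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """With the key, the exact original bytes come back."""
    return bytes(c ^ k for c, k in zip(ciphertext, key))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(digest_hex(b"foo"))  # acbd18db4cc2f85cedef654fccc4a4d8
    print(len(digest_hex(b"x" * 100_000)))  # 32 hex characters for any input size
    salt, stored = store_password("correct horse")
    print(verify_password("correct horse", salt, stored))  # True
    print(verify_password("wrong guess", salt, stored))    # False
    key, ct = xor_encrypt(b"meet at dawn")
    print(xor_decrypt(key, ct))  # b'meet at dawn'
```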
Posted: Sun Oct 09, 2005 12:39 pm
by Roja
raghavan20 wrote: thanks for your explanatory answer Roja, but what do you mean by summarizing???
If I told you to read "War and Peace" by Tolstoy, in a sense, that is a summary. You know what the actual message is (The contents of the well-known book), but you didn't have to receive that entire book from me. A summary is a smaller form that identifies the full contents - without transmitting them all.
What is important about hashes is that they are repeatable and unique. For example, if I said "Watch that show on TV", it could mean hundreds of different shows, at different times, on different channels. That's neither unique, nor repeatable.
Hashes give a unique, repeatable summary of large quantities of information. (It should be mentioned that a hash, while summarizing the input, isn't always smaller than the input).