
Encryption vs. Hashing

With cyberattacks growing by the minute, the need for cyber security is greater than ever, and cryptography is the domain of cyber security that has gained the most momentum over the last decade. Cryptography has many branches, but hashing and encryption are its two most fundamental operations.

Both hashing and encryption take input data and return it in a form that is unreadable to a human, but they differ in several ways: in how they treat the input, in the algorithms they apply, and in the form of their output. Most importantly, their different properties define a distinct scope of usage for each one.

This article explains both mechanisms, their properties, and their areas of application, and gives an in-depth look at their differences.

Encryption

Encryption is the process of using a mathematical algorithm and a key to scramble human-readable data (plaintext) into an unreadable form. The unreadable form, known as ciphertext, can be turned back into plaintext only by authorized parties that hold the corresponding cryptographic key.

How Does Encryption Work?

The encryption process uses an algorithm and a key to map plaintext to ciphertext, and decryption uses a key to map the ciphertext back. The decryption key is either the same as the encryption key (a shared secret) or mathematically related to it (a public/private key pair). Encryption is therefore classified by its key arrangement into two main types: symmetric and asymmetric encryption.

Symmetric Encryption: Symmetric encryption uses a single secret (shared) key for both encryption and decryption. Its main advantage is speed, which makes it the right tool for encrypting large files or data streams in minimal time. Its main drawback is that the key must first be exchanged securely between the communicating parties. Common examples are DES, Triple-DES, AES, and the RC family (for example RC4). Of these, only AES should be used in new systems: DES and RC4 are broken, and Triple-DES is deprecated.

Asymmetric Encryption: Asymmetric encryption, also called public-key cryptography, uses a pair of different but mathematically related keys. The private key is known only to its owner, who must keep it secret, while the public key can be given to everyone. RSA (Rivest-Shamir-Adleman) is the best-known asymmetric cipher. Two names often listed alongside it are not ciphers in the strict sense: Diffie-Hellman is a key-agreement protocol that lets two parties derive a shared secret, and Pretty Good Privacy (PGP) is a program that combines asymmetric and symmetric encryption.

Purpose of Encryption:

Encryption secures digital data at rest and in transit against unauthorized access. Its goal is confidentiality: the information is concealed in a form that only an authorized party can recover.

In most cases, encryption is deployed in response to a business or regulatory requirement. Some of its many use cases are:

Database encryption was long viewed as unnecessary overhead, but the recent surge in data breaches has made it a top use case for relational databases such as MySQL and for NoSQL databases alike. The motivation is to limit the damage of a breach, preserve privacy, and meet data-protection laws.

Another use case is meeting the Payment Card Industry Data Security Standard (PCI DSS), which requires cardholder data to be protected whenever it is stored or transmitted for payments, purchases, or any related purpose.

Encryption also underpins multi-tenant cloud environments: cloud providers let customers manage their own encryption keys, so that a tenant's data is encrypted and decrypted only under keys that the tenant controls.

Hashing

Hashing is a one-way function that transforms variable-length input into a fixed-length value known as the hash value or digest. Unlike encryption, hashing is not reversible and uses no key: there is no way to recover the original text from its hash. Well-known hash functions are the Message-Digest Algorithm MD5, the Secure Hash Algorithm family (SHA-256 and SHA-512), and the NT LAN Manager (NTLM) password hash. MD5 is broken for collision resistance and NTLM is a fast, unsalted hash, so neither should be relied on where security matters. An ideal hashing algorithm has the following properties:

  • Returns fixed-length output irrespective of the input size.
  • It cannot be reversed: given a hash value, finding an input that produces it is infeasible (preimage resistance).
  • It must be infeasible to find two different inputs with the same hash value (collision resistance).
  • A slight change in the input produces a completely different output (the avalanche effect).
  • Its speed fits the application: fast for integrity checks and signatures, deliberately slow for password storage.

How Does Hashing Work?

Hashing algorithms split the input into fixed-size blocks (the block size varies from algorithm to algorithm) and process one block at a time, feeding the output of each block into the processing of the next. Because the block size is fixed (SHA-1 and SHA-256 use 512-bit blocks, for example) and the input length is rarely an exact multiple of it, the input is first extended by a technique known as padding so that it fills a whole number of blocks.
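The following Python script is an added example, not code from the original article. It demonstrates the properties listed above (fixed-length output, the avalanche effect) using the standard library's SHA-256, and implements the SHA-256 padding rule from FIPS 180-4 to show how a message of any length is stretched to a whole number of 64-byte blocks. The function names (`md_pad`, `block_count`, `bit_difference`) and the sample inputs are this example's own.

```python
import hashlib

BLOCK_SIZE = 64  # SHA-256 (and SHA-1) process 512-bit = 64-byte blocks


def sha256_hex(data: bytes) -> str:
    """Hex digest of arbitrary-length input; always 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length digests (avalanche effect)."""
    assert len(a) == len(b)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def md_pad(message: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Apply the SHA-1/SHA-256 padding rule (FIPS 180-4, section 5.1.1):
    append a single 1 bit (the byte 0x80), then 0x00 bytes until the length is
    8 bytes short of a block boundary, then the original message length in bits
    as a 64-bit big-endian integer.  The result is always a whole number of blocks.
    """
    bit_len = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((block_size - 8 - len(padded)) % block_size)
    padded += bit_len.to_bytes(8, "big")
    return padded


def block_count(message: bytes) -> int:
    """How many 64-byte blocks the compression function processes for this message."""
    return len(md_pad(message)) // BLOCK_SIZE


def demo() -> dict:
    # Constructed sample inputs: a 3-byte message, a 100 kB message, and a
    # message that differs from the first one in a single bit ('c' -> 'b').
    short, long_, flipped = b"abc", b"x" * 100_000, b"abb"
    return {
        "fixed_length": len(sha256_hex(short)) == len(sha256_hex(long_)),
        "avalanche_bits": bit_difference(hashlib.sha256(short).digest(),
                                         hashlib.sha256(flipped).digest()),
        # 55 bytes + 0x80 + 8-byte length fit in one block; 56 bytes need two
        "blocks_for_55_bytes": block_count(b"a" * 55),
        "blocks_for_56_bytes": block_count(b"a" * 56),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The 55/56-byte boundary is the practical consequence of padding: a message that leaves fewer than 9 bytes free at the end of its last block forces an entire extra block, which is why the padded length, not the message length, determines the hashing cost.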

Purpose of Hashing

One of the two prominent use cases of hashing is to provide data integrity for a message or file transferred over the internet. A receiver that recomputes the hash can detect whether the data was altered on the way.

This is the idea behind the Message Authentication Code (MAC): the sender transmits the message together with a tag computed over it, and the receiver recomputes the tag and compares the two. Any change made to the message in transit produces a different tag, revealing the tampering. Note that a bare hash appended to the message only detects accidental corruption: an active man-in-the-middle can alter the message and simply recompute the hash. A real MAC such as HMAC mixes a secret key shared by sender and receiver into the computation, so an attacker without the key cannot produce a valid tag. The integrity property of hashing opens up various other applications, such as file/application verification, digital signatures, and the virus signatures that antivirus solutions use for malware identification.
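The exchange described above, as an added example that is not part of the original article: a sender protects a constructed message first with a bare SHA-256 checksum and then with HMAC-SHA256 under a shared key, and a man-in-the-middle rewrites the message in both cases. The helper names (`checksum_tag`, `mac_tag`, `man_in_the_middle`, `run_scenario`) and the sample message are this example's own.

```python
import hashlib
import hmac
import os
from typing import Callable, Tuple


def checksum_tag(message: bytes) -> bytes:
    """Unkeyed tag: a bare SHA-256 hash sent alongside the message."""
    return hashlib.sha256(message).digest()


def checksum_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(checksum_tag(message), tag)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: HMAC-SHA256 over the message using the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so a mismatch does not leak
    # how many leading bytes of the tag were correct.
    return hmac.compare_digest(mac_tag(key, message), tag)


def man_in_the_middle(message: bytes, edit: Callable[[bytes], bytes]) -> Tuple[bytes, bytes]:
    """An active attacker rewrites the message and recomputes the only tag it
    can: a bare hash.  It does not hold the MAC key, so it cannot do better."""
    forged = edit(message)
    return forged, hashlib.sha256(forged).digest()


def run_scenario(key: bytes) -> dict:
    message = b"transfer 10 EUR to alice"  # constructed sample message
    edit = lambda m: m.replace(b"alice", b"mallory")

    # Scenario 1: message + bare hash.  The forgery passes verification.
    forged, forged_tag = man_in_the_middle(message, edit)
    plain_accepts_forgery = checksum_verify(forged, forged_tag)

    # Scenario 2: message + HMAC.  Neither the attacker's recomputed hash nor
    # the original tag replayed on the altered message verifies.
    tag = mac_tag(key, message)
    hmac_accepts_forgery = mac_verify(key, forged, forged_tag) or mac_verify(key, forged, tag)

    return {
        "plain_hash_accepts_forgery": plain_accepts_forgery,
        "hmac_accepts_forgery": hmac_accepts_forgery,
        "hmac_accepts_genuine": mac_verify(key, message, tag),
    }


if __name__ == "__main__":
    shared_key = os.urandom(32)  # agreed out of band by sender and receiver
    for name, value in run_scenario(shared_key).items():
        print(f"{name}: {value}")
```

The key is what separates a checksum from a MAC: the bare hash tells the receiver that the bytes arrived intact, while HMAC also tells it that whoever produced the tag knew the secret.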

The second most important use case of hashing is password protection. Systems authenticate users without storing their passwords in plaintext. Encryption is not the ideal approach here, because the decryption key has to live on the server, where an attacker who compromises the server can steal it and recover every password at once.

Hence, the right approach is to hash each password together with a salt, a random value generated per user and stored alongside the hash, using a deliberately slow password-hashing function (bcrypt, scrypt, Argon2 or PBKDF2). The salt ensures that two users with the same password get different hashes and defeats precomputed (rainbow) tables, and the slow function limits how many guesses per second an attacker can make against a stolen hash.
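An added example of salted password storage, not code from the original article: each password is hashed with PBKDF2-HMAC-SHA256 (from Python's standard library) under a fresh 16-byte salt, stored as a self-describing record, and verified with a constant-time comparison. It also computes the naive unsalted hash to show why two users with the same password must not share a hash. The record format, the function names and the 600,000-iteration default (current OWASP guidance for PBKDF2-HMAC-SHA256) are this example's choices.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # deliberately slow; raise it as hardware gets faster
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.
    Storing the parameters next to the hash lets them be upgraded per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and parameters and compare."""
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        expected = bytes.fromhex(dk_hex)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations),
                                     dklen=KEY_BYTES)
    except ValueError:  # malformed record
        return False
    # constant-time comparison; also returns False on a length mismatch
    return hmac.compare_digest(actual, expected)


def unsalted_sha256(password: str) -> str:
    """The naive scheme: identical passwords give identical, precomputable hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo(iterations: int = ITERATIONS) -> dict:
    # Constructed sample: two users who happen to choose the same password.
    password = "correct horse battery staple"
    alice = hash_password(password, iterations=iterations)
    bob = hash_password(password, iterations=iterations)
    return {
        "salted_records_differ": alice != bob,
        "both_verify": verify_password(password, alice) and verify_password(password, bob),
        "wrong_password_rejected": not verify_password("Tr0ub4dor&3", alice),
        "unsalted_hashes_collide": unsalted_sha256(password) == unsalted_sha256(password),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the salt is stored in the clear inside the record, it adds no secrecy; its job is only to make every hash unique, so a leaked table cannot be attacked with one precomputed dictionary for all users.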

Conclusion

Cryptography is one of the most fundamental aspects of cyber security and has many branches, of which encryption and hashing are the dominant ones. They map onto two corners of the CIA triad of information security: encryption provides confidentiality, and hashing provides integrity. This article has given a brief overview of these two operations, highlighted their differences, and shown how their distinct properties lead to different areas of application.

About the author

Usama Azad

A security enthusiast who loves the Terminal and Open Source. My areas of expertise are Python, Linux (Debian), Bash, penetration testing, and firewalls. I was born and raised in Wazirabad, Pakistan and am currently doing my undergraduate degree at the National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14.