Encryption, encoding, and hashing are often mistaken for one another or (wrongly) used interchangeably. Because, let’s face it, you take a text, do some processing with it, and the result is some random mud of text. This description could fit encryption, encoding, or hashing equally well. So it is understandable why people confuse them.
But the difference is critical. If you work in IT you should know these terms, and more importantly know the difference between them. In this article I’ll explain to you in simple terms the differences between encryption, encoding, and hashing.
Encryption is a method to obfuscate information so that illicit reading of its original content is prevented. One main attribute of encryption is the ability to reverse the obfuscation so that the authorised receiver can read the original content. This process is called decryption. Usually encryption is done using a special key. Another attribute of encryption is that it is secure enough that any third party will have a hard time decrypting it simply by guessing.
There are two main types of encryption: symmetric and asymmetric encryption. I wrote an article about encryption here.
Hashing is the process of converting a message of variable length into another message of fixed length. For example, I could use this tool to hash the message “Hello”. The result is:
I can do it again, changing only one letter, from “e” to “a”, so the message becomes “Hallo”. The result will look like this:
Both hashed results have the same length. You may think that is because the original messages have the same length. But I can try it with a shorter message, “Hi”, and the result looks different but still has the same length:
The difference from encryption is that this process of converting a text into a hash is not reversible. The main purpose of encryption is that unauthorized people cannot read the content, while authorized people can. This is not possible with hashing.
Nevertheless, hashing is very important in IT security. For example, hashing is used for storing your password on servers. Your password is stored on the server only as a hash, and no one knows (or should know) the original content, because the hash cannot be reversed. Hashing is also used to verify that a message remains uncompromised.
Encoding only means converting a text from one format into another, so that it can be properly consumed by other systems. For example, you have plain text, but the system that consumes the data can only understand binary. Therefore you have to encode the text into binary. Encoding formats are, for example, ASCII/UTF-8, ASCII/UTF-16, binary, etc.
Using this tool, you can encode the text (in encoding format ASCII/UTF-8) “Hello” into binary. The result is: “1001000 1100001 1101100 1101100 1101111”. By using tools like this, you can decode the message back to plain text, i.e. ASCII/UTF-8.
You might say “1001000 1100001 1101100 1101100 1101111” is not readable for a human and you can reverse the process. So why is it not considered encryption? The reason is that the main purpose of encoding is not hiding data from unauthorized eyes. You can also work out what the original message was simply by trying out all encoding formats, because the “key” (actually it’s called a scheme) to convert it back is publicly available.
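The hashing and encoding sections above can be checked in a few lines of Python. This is an added example, not part of the original article or its tools. It assumes SHA-256 as the hash (the article does not name the algorithm its tool uses) and salted PBKDF2-HMAC-SHA256 for the stored password; all function names are the example's own.

```python
import hashlib
import hmac
import os

MESSAGES = ["Hello", "Hallo", "Hi"]  # the article's three sample messages


def sha256_hex(text):
    """Hash text with SHA-256 (assumed; the article does not name its tool's algorithm)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def differing_bits(a, b):
    """Count the bits that differ between the digests of two texts."""
    return bin(int(sha256_hex(a), 16) ^ int(sha256_hex(b), 16)).count("1")


def to_binary(text):
    """Encode text as space-separated 8-bit groups of its UTF-8 bytes."""
    return " ".join(f"{byte:08b}" for byte in text.encode("utf-8"))


def from_binary(bits):
    """Decode to_binary() output; only the public scheme is needed, no key."""
    return bytes(int(group, 2) for group in bits.split()).decode("utf-8")


def hash_password(password, salt=None):
    """Salted hash for storage (PBKDF2-HMAC-SHA256, chosen for this example)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def verify_password(password, salt, stored):
    """Re-hash the candidate and compare in constant time; nothing is reversed."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


if __name__ == "__main__":
    for m in MESSAGES:
        print(f"{m!r:8} -> {sha256_hex(m)}")
    print("bits changed, Hello vs Hallo:", differing_bits("Hello", "Hallo"))
    print("decoded without a key:", from_binary(to_binary("Hello")))
    salt, stored = hash_password("correct horse")  # constructed sample password
    print("right password:", verify_password("correct horse", salt, stored))
    print("wrong password:", verify_password("correct horse!", salt, stored))
```

The server in this sketch keeps only the salt and the digest, so a login is checked by hashing the submitted password again, never by recovering the stored one.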
Encryption, hashing, and encoding are similar, but they differ from each other in crucial aspects. In the following table I outline the main differences between them:
I hope that after reading this article you’ll never confuse one for the other again. Have you mistakenly used them before? Where do you use encryption, hashing, and encoding? Comment below and let me know.