To the uninitiated, hashing and encryption may seem like similar processes; in reality, they have some important differences. Let’s begin by explaining them.
Encryption is the process of transforming information (the plaintext) into a ciphertext using an algorithm called a cipher. The ciphertext is (in theory, at least) unreadable without the encryption key. As mentioned in our article about SSL/TLS, both ends of an encrypted network connection possess both a public key and a private key. The public key is shared across the network, while the private key must be kept secret — to leak the private key would be to destroy the integrity of the encryption. Other techniques, such as file system or disk encryption, work similarly. You encrypt this data with a “public” key, while using a private key (often a password) to decrypt it.
Hashing is the process of transforming a plaintext message into a hash, also called a digest… and never seeing it again. Obviously, you probably want to save a copy of the message — but not always. Log-in credentials are often stored as hashes. Rather than simply checking a password against that stored in a database, this scheme “hashes” the given password and compares the digest with its correct value. (This also means a forgotten password cannot be recovered.) Hashing can also be used to create a “signature” of any file; this signature acts as a checksum to verify the file’s contents. While great for passwords and checksums, hash functions make horrible data encryption schemes. It wouldn’t make much sense for a digest to be undigested, would it?
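The log-in scheme described above, as an added example that is not code from the original article: the database record holds only a salt and a digest, and a log-in attempt is checked by hashing the submitted password the same way and comparing digests. It goes beyond the text by using a per-user salt and PBKDF2-HMAC-SHA256 instead of a single bare SHA or MD5 digest; the function names, record layout and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record a log-in database would store: salt and digest, never the password."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, so equal passwords give different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Hash the submitted password with the stored salt and compare digests."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # compare_digest runs in constant time, so the comparison itself leaks nothing
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    record = hash_password("correct horse battery staple")
    print(record)                                                   # no plaintext in here
    print(verify_password("correct horse battery staple", record))  # matching password
    print(verify_password("Tr0ub4dor&3", record))                   # wrong password
```

Nothing in the stored record can be reversed into the password, which is why a forgotten password has to be reset rather than recovered.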
Uses and Implementations
| Goal | Technique and implementations |
|---|---|
| Protect network communications | Encryption: SSL/TLS, PGP, AES |
| Protect stored data (read/write) | Encryption: PGP, TrueCrypt |
| Protect stored data (write-only) | Hashing: SHA, MD5 |
| Data integrity | Hashing: SHA, MD5 |
Though a detailed discussion of every hashing or encryption implementation is beyond the scope of this article, you will find more information on some of these in other parts of the knowledge base. Our hope is that you now understand the benefits of and differences between these types of cryptography, and are better able to determine how and when to employ them.