Keeping data secure is a primary goal in security, and when you first start to learn about keeping data secure you may have come across the terms encryption and hashing. A common misconception is that those terms accomplish the same thing. I will give you a high-level overview of hashing and encryption, while also giving some examples of how they are used.
The purpose of hashing is not to hide data from prying eyes; its purpose is to ensure the integrity of that data. Hashing gives you the confidence to believe that what was sent has not been modified. Hashing takes an input and outputs a fixed-length string of what looks like a jumbled mess. However, that output string must follow some basic rules:
- The same input must always produce the same output.
- It should not be possible to take the output and recover the input.
- Any modification to the input should radically change the output (hash).
- Different inputs should not produce the same output.
Once the data is hashed, the sender signs the hash with their private key. The receiver can then verify the signature using the sender's public key. Finally, the receiver rehashes the data they received and compares the result to the hash that was sent.
Example: The simple input of “hi” gets the hashed output of “49f68a5c8493ec2c0bf489821c21fc3b” (using the obsolete MD5 hashing algorithm). But when the input is changed to “hi.”, you are given the output “09bb880c91380d8a07825f506855c159”. Notice how drastic the change was while the output kept the same character length.
The great part about that example is that you can hash the words “hi” and “hi.” using MD5 yourself, and you will receive the same output I have. That is how the integrity aspect comes into play.
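The rules listed above can be checked with Python's standard `hashlib`. This is an added example, not code from the original article: the function names and the sample message are constructed for illustration, SHA-256 stands in for the obsolete MD5 in the integrity check, and the signing step is left out.

```python
import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(received: bytes, sent_digest: str,
                     algorithm: str = "sha256") -> bool:
    """Receiver side: rehash what arrived and compare with the digest sent."""
    recomputed = digest_hex(received, algorithm)
    # Constant-time comparison; normalise case so "AB12" matches "ab12".
    return hmac.compare_digest(recomputed, sent_digest.strip().lower())


if __name__ == "__main__":
    # The article's MD5 inputs: anyone running this gets the same two digests.
    md5_hi, md5_hi_dot = digest_hex(b"hi", "md5"), digest_hex(b"hi.", "md5")
    print("md5('hi')  =", md5_hi)
    print("md5('hi.') =", md5_hi_dot)
    print("bits changed:", differing_bits(md5_hi, md5_hi_dot), "of 128")

    # Constructed sample message; SHA-256 instead of obsolete MD5.
    message = b"transfer 100 to account 42"
    sent = digest_hex(message)
    print("unmodified:", verify_integrity(message, sent))
    print("tampered:  ", verify_integrity(b"transfer 900 to account 42", sent))
```

A digest sent next to the data only catches accidental or unauthenticated changes, since anyone who can replace the data can also replace the digest; the signature step described above is what ties the hash to the sender.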
The purpose of encryption, however, is to keep data secret from prying eyes. It achieves this feat by transforming data in a way that only the sender and receiver know how to read, while anyone else who tries to look at that data gets a jumbled mess of characters they cannot do anything with (if done correctly).
Think back to elementary school years when you may have sent a secret message to a friend by using a set of rules that only you and your friend knew how to use. That act achieved the goal of only allowing you and your friend to read messages between each other.
Encryption for security use is much more intense today; however, the fundamentals remain. Today, when you want to receive an encrypted message, you send your public key to the sender of the message (the matching private key is the part only you know). The sender then puts the message through the encryption algorithm with your public key, and the output is a jumbled text called ciphertext. No one can read this ciphertext until the message reaches you, where you decrypt it using the same algorithm but with your private key. That effectively reverses the ciphertext into the original plaintext format you can read. This process is visualized in Figure 1.3.
Hashing is used to ensure the integrity of sent data by producing a hashed output. If the data changes at all, the hashed output will change drastically, alerting you to the fact that what was sent was not what you received.
Encryption is used to ensure that data being sent is secure from everyone but you and the sender of the data. This is achieved by using an exchange of public keys to encrypt data. The encrypted data can then only be seen by you because you hold the private key, which allows you to reverse the encryption.
Check out this encryption page to get more information on encryption!
Check out this hashing page to see more hashing examples!
Figure 1.3 Credit: By No machine-readable author provided. Davidgothberg assumed (based on copyright claims). - No machine-readable source provided. Own work assumed (based on copyright claims)., Public Domain, https://commons.wikimedia.org/w/index.php?curid=1028460