The Difference Between Encoding, Encryption, and Hashing

Encoding is often confused with encryption and hashing. They are not the same. But before I go into the differences, I'll first mention the similarities:

  1. All three transform data into another format.
  2. Both encoding and encryption are reversible, unlike hashing.

And now the differences:

Encoding

The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it's able to be properly consumed.

Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed. It does not require a key as the only thing required to decode it is the algorithm that was used to encode it.

Examples: ASCII, Unicode, URL Encoding, Base64

Encryption

The purpose of encryption is to transform data in order to keep it secret from others, e.g. sending someone a secret letter that only they should be able to read, or securely sending a password over the Internet. Rather than focusing on usability, the goal is to ensure the data cannot be consumed by anyone other than the intended recipient(s).

Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation. It uses a key, which is kept secret, in conjunction with the plaintext and the algorithm, in order to perform the encryption operation. As such, the ciphertext, algorithm, and key are all required to return to the plaintext.

Examples: AES, Blowfish, RSA

Hashing

Hashing serves the purpose of ensuring integrity, i.e. making it so that if something is changed you can know that it has changed. Technically, hashing takes arbitrary input and produces a fixed-length string that has the following attributes:

  1. The same input will always produce the same output.
  2. Multiple disparate inputs should not produce the same output.
  3. It should not be possible to go from the output to the input.
  4. Any modification of a given input should result in drastic change to the hash.

Hashing is used in conjunction with authentication to produce strong evidence that a given message has not been modified. This is accomplished by taking a given input, hashing it, and then encrypting the sent hash with the recipient's public key.

When the recipient opens the message with their private key, they hash the message themselves and compare the result to the hash the sender encrypted and sent. If the two match, the message is unmodified.

Examples: SHA-3, MD5 (now obsolete), etc.
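
The contrast between encoding and the hash attributes listed above can be measured directly. The following is an added example, not code from the original post: it flips each bit of a constructed sample message in turn and compares the effect on its Base64 encoding with the effect on its SHA3-256 digest. The sample message and the function names are assumptions made for illustration.

```python
import base64
import hashlib

# Constructed sample input, not taken from the original post.
SAMPLE = b"Transfer 100 USD to account 12345"

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def bit_diff_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions that differ between equal-length inputs."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def compare(message: bytes) -> dict:
    """Flip every single bit of message in turn and record the effect on
    its Base64 encoding and on its SHA3-256 digest."""
    if not message:
        raise ValueError("message must not be empty")
    encoded = base64.b64encode(message)
    digest = hashlib.sha3_256(message).digest()
    chars_changed, fractions = [], []
    for i in range(8 * len(message)):
        tampered = flip_bit(message, i)
        t_encoded = base64.b64encode(tampered)
        chars_changed.append(sum(x != y for x, y in zip(encoded, t_encoded)))
        fractions.append(
            bit_diff_fraction(digest, hashlib.sha3_256(tampered).digest()))
    return {
        # Encoding: reversible with the public algorithm alone, no key.
        "b64_roundtrip": base64.b64decode(encoded) == message,
        # Encoding: a one-bit edit stays local (one output character).
        "b64_max_chars_changed": max(chars_changed),
        # Hashing: fixed-length output regardless of input size.
        "digest_bytes": len(digest),
        # Hashing: a one-bit edit changes about half of the digest bits.
        "hash_min_fraction": min(fractions),
        "hash_mean_fraction": sum(fractions) / len(fractions),
    }

if __name__ == "__main__":
    for name, value in compare(SAMPLE).items():
        print(f"{name}: {value}")
```

A one-bit change never alters more than one Base64 character, which is why encoding gives neither secrecy nor tamper evidence, while the same change rewrites roughly half of the digest.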
