Tuesday, 22 March 2016

Difference between Encryption and Hashing and When to Use One over the Other

Security breaches are a major issue in access control and authentication systems. The effect of a password security breach, for example, can be as trivial as gaining access to a to-do list or as devastating as impersonating a PayPal account holder and emptying his/her account. Encryption and hashing are two major techniques used to strengthen security in authentication and access control systems. Many people use the terms interchangeably, confusing encryption with hashing. This should not be so. In this post I am going to discuss how they originated, their differences and when to use them.

A Brief History
In World Wars I and II, encrypted messages were sent to and from the battlefield without the knowledge of the enemy. The Enigma machine was a communication tool used by the Germans during World War II. This machine was used to encrypt and decrypt messages. The Allies, on the other hand, were able to decrypt intercepted messages using the necessary keys as soon as they got hold of the device. This allowed the Allies to gain the intelligence needed to advance significantly against the Axis.
Because an encrypted message can be decrypted with a key, and various encryption algorithms get broken in the long run, hashing was introduced. This newer form of turning data into unreadable characters does not allow the transformed text to be reverse engineered, and is hence considered more secure.

Major Difference between Encryption and Hashing
Basically, encryption involves using an algorithm to transform a string of text into unreadable characters that are not of fixed length. Hashing is the process of generating, from a string of text, a fixed-length string or number that varies widely with small variations of the input. The key difference between the two is that the original form of an encrypted string can be recovered if the right key is available. Encryption is said to be two-way because it can be decrypted. Hashing, on the other hand, does not use a key. Because there is no key, authentication is done by hashing a string and verifying that the result is the same as the hash (a string of characters generated from a string of text). The only way to get the original text is either to know it or to run a brute-force attack until the original representation is found.

When to Use Encryption
Sometimes during communication, there is a need to know the original message. This is the case for a messaging system that transforms messages while in transit to avoid their being tapped, and recovers the original form of each message once it is received on the other side. Encryption should be employed in situations like this because it is necessary to decrypt the encrypted message.

When to Use Hashing
With strong hashing algorithms and an efficient salt in place, it will be very difficult to reverse a hashed text. When there is a need to compare a value with a stored value that is not kept in plain format for security reasons, hashing is the technique to consider. Modern password authentication systems now use hashing in place of encryption.

Hashing is considered to be more secure than encryption but should not be used in some cases. This post has pointed out scenarios where one can be used over the other. In the next post, I'll be discussing some hashing and encryption algorithms. Once again, I hope this post adds some value to your intellect, and I'd like to thank you for reading.

