Key Sections
- Common Encryption and Hashing Algorithms
- Hashing and Encryption Use Cases
- When to use hashing
- When to encrypt data
- Comparison
In the data security field,encryptionand hashing are commonly compared, but why is this the case. Encryption is a two-way function where data is passed in asplaintextand comes out as ciphertext, which is unreadable. Since encryption is two-way, the data can be decrypted so it is readable again. Hashing, on the other hand, is one-way, meaning the plaintext is scrambled into a unique digest, through the use of a salt, that cannot be decrypted. Technically, hashing can be reversed, but the computational power needed to decrypt it makes decryption infeasible.
The way hashing works is with a hashing algorithm. This algorithm is most effective when it collision resistant. Collision resistance means that all the digests are unique and do not overlap with each other. This means that the hashing algorithm must be complex enough to not have overlapping hashes, but not so complex as to take too long to compute hashes. Encryption comes in two different types, and both encryption and hashing have several common types of algorithms.
Common Encryption and Hashing Algorithms
Encryption comes in two types:Asymmetric and Symmetric. Asymmetric encryption uses two different keys, a public and private key, for encryption and decryption. The private key is used to encrypt data, and is kept a secret from everyone but the person encrypting the data. The public key is available for anyone, and is used for decryption. Using asymmetric encryption, the authenticity of the data can be verified, because if the data was modified in transit, it would not be able to be re-encrypted with the private key. Symmetric encryption uses the same key for both encryption and decryption. This type of encryption uses less processing power and is faster, but is less secure as only one key is used.
Symmetric Encryption Algorithms:
- Advanced Encryption Standard (AES)
- Blowfish
- Twofish
- Rivest Cipher (RC4)
- Data Encryption Standard (DES)
Asymmetric Encryption Algorithms:
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- Rivest-Shamir-Adleman (RSA)
- Diffie-Hellman
- Pretty Good Privacy (PGP)
Hashing Algorithms:
- Message Digest Algorithm (MD5)
- Secure Hashing Algorithm (SHA-1, SHA-2, SHA-3)
- WHIRLPOOL
- TIGER
- Cyclical Reduction Check (CRC32)
Tailored Encryption ServicesWe assess, strategize & implement encryption strategies and solutions.
Hashing and Encryption Use Cases
Though they are similar, encryption and hashing are utilized for different purposes. One of the uses for hashing is to compare large amounts of data. Hash values are much easier to compare than large chunks of data, as they are more concise. Hashing is also used for mapping data, as finding values using hashes is quick, and good hashes do not overlap. Hashes are used in digital signatures and to create random strings to avoid duplication of data in databases too. As hashing is extremely infeasible to reverse, hashing algorithms are used on passwords. This makes the password shorter and undiscoverable by attackers.
Encryption, on the other hand, tends to be used for encrypting data that is in transit. Data being transmitted is data that needs to be read by the recipient only, thus it must be sent so that an attacker cannot read it. Encryption hides the data from anyone taking it in the middle of transit, and allows only the decryption key owner to read the data. Other times encryption would be used over hashing is for storing and retrieving data in databases, authentication methods, and other cases where data must be hidden at rest, but retrieved later.
When to use hashing
In general, hashing is valuable in situations where you need a fixed-size representation of data, want to verify data integrity efficiently, or require a quick and uniform distribution of data in various applications such as security, data retrieval, and distributed systems. Hash functions are commonly used in various computer science and information security applications. Here are some scenarios when hashing is particularly useful:
Data Integrity Verification
Hashing is commonly used to verify the integrity of data. By generating a hash value (checksum) of a piece of data and comparing it to a previously computed hash value, one can quickly determine if the data has been altered. This is crucial in ensuring the integrity of files during data transmission or storage.
Password Storage
Hashing is essential for securely storing passwords. Instead of storing actual passwords, systems store the hash values of passwords. During login attempts, the entered password is hashed and compared to the stored hash. This way, even if the hashed values are compromised, the original passwords are not easily recoverable.
Digital Signatures
Hash functions are a fundamental component of digital signatures. In digital signature schemes, a hash of the message is signed by a private key. Recipients can verify the signature using the sender’s public key and comparing the computed hash with the received hash value.
Cryptographic Applications
Hash functions are widely used in cryptographic protocols and algorithms. They play a role in message authentication codes (MACs), key derivation functions (KDFs), and various other security mechanisms to ensure data integrity and authenticity.
Hash Tables and Data Retrieval
Hash functions are used in hash tables, a data structure that allows for efficient data retrieval. By mapping keys to indices in an array using a hash function, hash tables enable quick lookup operations.
When to encrypt data
Encrypting data is crucial in scenarios where confidentiality and privacy are paramount. Here are several situations in which encrypting data is highly recommended:
Data Transmission
When transmitting sensitive information over networks, such as during online banking transactions, accessing email accounts, or making online purchases, encrypting the data ensures that even if intercepted, it cannot be easily understood by unauthorized parties. Secure protocols like HTTPS use encryption to protect data during transmission.
Stored Personal Information
Personal information, including financial records, medical records, and identification details, should be encrypted when stored on devices or servers. This helps safeguard the data from unauthorized access, particularly in case of device theft or data breaches.
Database Security
Databases containing sensitive information, such as user credentials, credit card details, or proprietary business data, should use encryption to protect against unauthorized access. Encryption mechanisms like Transparent Data Encryption (TDE) can be employed to encrypt entire databases or specific columns.
Backup and Storage
Data backups and storage, whether on physical devices or in the cloud, should be encrypted. This safeguards the information in case of data loss or theft of storage media.
Laptops and Mobile Devices
Encrypting data on laptops, mobile phones, and other portable devices is essential. If these devices are lost or stolen, encryption prevents unauthorized individuals from easily accessing the stored data.
Comparisons
| Encryption | Hashing | |
|---|---|---|
| Definition | A two-way function that takes in plaintext data, and turns it into undecipherable ciphertext. | A one-way method of hiding sensitive data. Using a hashing algorithm, hashing turns a plaintext into a unique hash digest that cannot be reverted to the original plaintext, without considerable effort. |
| Reversible or Irreversible? | Reversible | Irreversible |
| Variable or Fixed Length Output? | Variable Length | Fixed Length |
| Types | Asymmetric and Symmetric | Hashing |
| Common Algorithms | AES, RC4, DES, RSA, ECDSA | SHA-1, SHA-2, MD5, CRC32, WHIRLPOOL |
