Encryption vs Hashing vs Salting – What is the difference?

June 29, 2021 by Mister PKI

In cryptography, there are different functions to perform depending on your use case. In this article we cover encryption vs hashing vs salting and when to use each one. This article will attempt to demonstrate when, why, and how you should use each function. Each function is critical to the security of your data, whether it is in transit or at rest.

Encryption

Question: What is encryption and why do we need to encrypt our data?

Answer: Encryption is a cryptographic operation used to secure your data by encoding your plain text into an unreadable, illegible form. It conceals sensitive information from a malicious actor, yet the data remains recoverable so it can be used and read when needed. That is a key point: encryption is a two-way operation. If data is encrypted, it is intended to be decrypted later. If you do not need to decrypt the data, you should not encrypt it but rather hash it, which is discussed later in this article. Encryption is reversible; hashing is not.

Encryption examples in practice:

  • openssl encryption
  • java encryption

Asymmetric Encryption vs Symmetric Encryption

When encrypting data, it is important to understand which type of algorithm to use. Is the encryption key shared among the parties, or should a key pair be used, where the encryption key is made public so that any party can encrypt the data but only the holder of the private key can decrypt it? Let’s attempt to explain which method of encryption you should use.

What is asymmetric encryption?

Asymmetric encryption is the method of encryption used when there is a private and public key pair. The public key is the encryption key and the private key is the decryption key. A Public Key Infrastructure (PKI) is the trust model that supports this method of encryption and is used across the web. Publicly trusted SSL certificates are issued by a CA and presented to identify a web server. A client then encrypts its data in transit to the server with the server’s public key, and the server decrypts the data with its private key.

Common asymmetric encryption algorithms include RSA and ECC.

What is symmetric encryption?

Symmetric encryption uses a single key that both encrypts and decrypts the same data. It is much faster than asymmetric encryption and can be used to encrypt large amounts of data, such as a database. Symmetric encryption may also be used to encrypt data that is not shared beyond the scope of a system or application. For example, if passwords or credit card information need to be recoverable, they may be encrypted with a symmetric algorithm using a key that only the process that both encrypts and decrypts the data can access. It is usually bad practice to share an encryption key outside of the single system that uses it.

The most common symmetric encryption algorithm is AES.
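To make the asymmetric/symmetric split concrete, here is an added example (not the post's own code) that round-trips data through RSA-OAEP and AES-256-GCM, shows that RSA alone only fits a small message, and combines the two in the hybrid pattern used for data in transit: the bulk data goes under a fresh AES key and only that key is encrypted with the recipient's public key. It assumes the third-party `cryptography` package is installed; the key sizes and nonce handling are the author's choices here.

```python
"""Asymmetric vs symmetric encryption, plus the hybrid pattern that combines them.

Added example. Requires the third-party `cryptography` package.
"""
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 is the padding every RSA call below uses.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_keypair():
    """Receiver's key pair: the public key encrypts, the private key decrypts."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def asymmetric_roundtrip(public_key, private_key, message: bytes) -> bytes:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    return private_key.decrypt(public_key.encrypt(message, OAEP), OAEP)


def rsa_can_encrypt(public_key, data: bytes) -> bool:
    """RSA-OAEP only fits short messages (190 bytes for 2048-bit RSA with SHA-256)."""
    try:
        public_key.encrypt(data, OAEP)
        return True
    except ValueError:
        return False


def symmetric_roundtrip(data: bytes) -> bytes:
    """One AES-256-GCM key both encrypts and decrypts; suitable for bulk data."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # a GCM nonce must never repeat under the same key
    return AESGCM(key).decrypt(nonce, AESGCM(key).encrypt(nonce, data, None), None)


def hybrid_encrypt(public_key, data: bytes) -> dict:
    """Encrypt bulk data with a fresh AES key, then wrap that key with RSA-OAEP."""
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    return {"wrapped_key": public_key.encrypt(key, OAEP), "nonce": nonce,
            "ciphertext": AESGCM(key).encrypt(nonce, data, None)}


def hybrid_decrypt(private_key, envelope: dict) -> bytes:
    """Unwrap the AES key with the private key, then decrypt the bulk data."""
    key = private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(key).decrypt(envelope["nonce"], envelope["ciphertext"], None)
```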

Hashing

The most important takeaway about hashing is that it is a one-way operation. Hashing cannot be reversed, unlike encryption, hence our focus on encryption vs hashing. You may then ask under what circumstances someone would hash data without needing to “unhash” it later. The answer is when you care about the authenticity of data, such as a software package, or any file for that matter, not having been modified. Another popular use case for hashing is passwords.

A strong hashing algorithm ensures that no two pieces of data produce the same hash. If they do, the hashing algorithm is no longer considered secure. SHA-1 is the perfect example of this, since Google was able to produce a collision.

The most common hashing algorithms in use today are the SHA family. While SHA-1 has been phased out, SHA-256 is the minimum standard, although you may see some SHA-384 and SHA-512 hashes in the wild.

Hashing examples in practice:

  • With openssl
  • With JavaScript
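The software-package use case above, as an added example that is not from the post: a SHA-256 checksum check over a file, hashed in chunks, first against the published "abc" test vector and then against a constructed stand-in package before and after a single bit is flipped. Only the Python standard library is used; the file contents and the expected digest for the package are constructed here.

```python
"""SHA-256 integrity check of a downloaded file (hashing, not encryption).

Added example; the sample package and its "published" digest are constructed.
"""
import hashlib
import hmac
import os
import tempfile

# Published SHA-256 test vector for the input "abc" (FIPS 180-2).
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large package never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_checksum(path: str, expected_hex: str) -> bool:
    """Compare the file's digest with the published one in constant time."""
    return hmac.compare_digest(sha256_file(path), expected_hex.strip().lower())


def write(path: str, data: bytes) -> None:
    with open(path, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Check the test vector, an untampered package, then a one-bit modification."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.sh")
        write(path, b"abc")
        results["known_vector_ok"] = verify_checksum(path, SHA256_ABC)
        # Constructed stand-in for a downloaded package and its published digest.
        package = b"#!/bin/sh\necho installing\n" * 5000
        published = hashlib.sha256(package).hexdigest()
        write(path, package)
        results["untampered_ok"] = verify_checksum(path, published)
        tampered = bytearray(package)
        tampered[100] ^= 0x01  # one flipped bit changes the entire digest
        write(path, bytes(tampered))
        results["tampered_ok"] = verify_checksum(path, published)
    return results
```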

Salting

Question: What is Salting?

Answer: Salting is usually done in conjunction with hashing, specifically password hashing. A salt should be unique to each password and kept private. If an attacker knows the salt, then the salt is deemed useless. For example, if the password is “password01” and the salt is “1234”, then the pre-hash value will be “password011234”. To sum up, a salt is a value added to the password being hashed to ensure uniqueness and increase the complexity of the persisted password hash, providing an extra level of security for the stored password.
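An added example (not the post's code) of the salting described above: `plain_salted_sha256` reproduces the post's "password01" + "1234" concatenation, while `hash_password` and `verify_password` show the pattern used for a stored credential, with a random per-password salt and PBKDF2-HMAC-SHA256 from the standard library in place of a single SHA-256 pass. The salt is kept inside the stored record so the same password can be re-hashed and verified later; the storage format and the iteration count are this example's own choices.

```python
"""Salted password hashing: random per-password salt, verify later.

Added example. Uses only the Python standard library.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumption: tune the work factor to your hardware


def plain_salted_sha256(password: str, salt: str) -> str:
    """The post's illustration: a single SHA-256 over password + salt."""
    return hashlib.sha256((password + salt).encode()).hexdigest()


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh 16-byte random salt is drawn for every call, so hashing the same
    password twice yields two different records.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                        int(iterations))
    except ValueError:  # malformed record: wrong field count or bad hex/int
        return False
    return hmac.compare_digest(candidate, expected)
```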

Conclusion

In this article we have covered encryption vs hashing vs salting and contrasted the differences between them. To sum up:

  1. Encryption is a two-way operation that can be reversed.
  2. Hashing is a one-way operation used for ensuring the integrity of data via a checksum hash and for authentication with passwords.
  3. Salting is an additional step in password hashing, adding a salt value to the password before hashing.

Leave us a comment if you would like
