Both encryption and hashing are pillars of data protection. Both protect data and make it difficult to use if it is stolen. The two are often treated as synonymous, but a couple of key distinctions separate them.
Modern encryption algorithms have grown increasingly complex and sophisticated. Many popular encryption techniques use public key cryptography, and this type of encryption is especially popular on the Internet. Popular examples include the RSA algorithm, Advanced Encryption Standard (AES), Secure Sockets Layer (SSL), and the Digital Signature Standard (DSS). At its core, encryption takes some message or information and encrypts it to make it unreadable to anyone without the key. Then, the receiver can use the key to decrypt the information. This is why encryption is so popular for email messages and other data that has to be encrypted and then decrypted. The need for a decryption key is encryption’s main downfall: if someone were to get the decryption key for the algorithm used, all of the data could easily be decrypted.
Hashes don’t have the intrinsic problem of guarding the decryption key because a hashing function is one-way. One-way means that once some algorithm (the hash function) has been applied to some data, there is no decryption key for decrypting it. Hashing is often brought up when a website has been hacked and its database of passwords is stolen. When a person types their password into a website, that password is hashed, and the output is compared to the hash stored in the database. Using a hash function means there is no need to store the plain text version of passwords, which would be a major security risk. Hashing is also commonly used to verify that transmitted data is unchanged. The original data can be hashed and then the received data can be hashed. If the two hashes are equal, then the data hasn’t been changed, but if they are different, then there was a transmission error. This method works because hashes are deterministic, meaning that a given input will always produce the same output.
Encryption should be used when the data needs to be decrypted so that the original information is accessible. Hashing functions can’t be reversed, even if you have the original hash function, so the outputs of the hash function have to be compared to determine equality. Also, with a well-defined hash function, even a small change in the input will cause a huge change in the output. This makes it so someone can’t use the hash for a known password to figure out another password. Credit card data is often encrypted instead of hashed since the data will eventually need to be retrieved.
Encryption and hashing are both fundamental to securing data. Encryption shines when the data needs to be encrypted and decrypted. Hashing’s sweet spot is with data like passwords where you only need to check for equality and don’t need to know the original plain text.
The difference between encryption and hashing