Encoding is often confused with encryption and hashing. They are not
the same. But before I go into the differences, I’ll first mention how
they relate:
All three transform data into another format.
Both encoding and encryption are reversible, and hashing is not.
Let’s take a look at each one:
The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed.
The purpose of encryption is to transform data in order to
keep it secret from others, e.g. sending someone a secret letter that
only they should be able to read, or securely sending a password over
the Internet. Rather than focusing on usability, the goal is to ensure
the data cannot be consumed by anyone other than the intended
recipient(s).
Hashing serves the purpose of ensuring integrity, i.e.
making it so that if something is changed you can know that it’s
changed. Technically, hashing takes arbitrary input and produce a
fixed-length string that has the following attributes:
When the recipient opens the message, they can then decrypt the key with their private key, which allows them to decrypt the message. They then hash the message themselves and compare it to the hash that was signed by the sender. If they match it is an unmodified message, sent by the correct person.
Examples: SHA-3, MD5 (Now obsolete), etc.
All three transform data into another format.
Both encoding and encryption are reversible, and hashing is not.
Let’s take a look at each one:
Encoding
The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed.
Encoding transforms data into another format using a scheme that is publicly available
so that it can easily be reversed. It does not require a key as the
only thing required to decode it is the algorithm that was used to
encode it.
Examples: ASCII, Unicode, URL Encoding, Base64
Encryption
Encryption transforms data into another format in such a way that only specific individual(s)
can reverse the transformation. It uses a key, which is kept secret, in
conjunction with the plaintext and the algorithm, in order to perform
the encryption operation. As such, the ciphertext, algorithm, and key
are all required to return to the plaintext.
Examples: AES, Blowfish, RSAHashing
- The same input will always produce the same output.
- Multiple disparate inputs should not produce the same output.
- It should not be possible to go from the output to the input.
- Any modification of a given input should result in drastic change to the hash.
When the recipient opens the message, they can then decrypt the key with their private key, which allows them to decrypt the message. They then hash the message themselves and compare it to the hash that was signed by the sender. If they match it is an unmodified message, sent by the correct person.
Examples: SHA-3, MD5 (Now obsolete), etc.
Summary
- Encoding is for maintaining data usability and can be reversed by employing the same algorithm that encoded the content, i.e. no key is used.
- Encryption is for maintaining data confidentiality and requires the use of a key (kept secret) in order to return to plaintext.
- Hashing is for validating the integrity of content by detecting all modification thereof via obvious changes to the hash output.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.