Thursday, July 18, 2013

Hashing and Encryption

    Hashing and encryption are not the same. They are different mechanisms used for different purposes. This quick tutorial will help you tell the two apart.

Hashing

    Hashing is a technique used to convert readable data into an unreadable format. Remember that you can never revert the hashed content back to the original. Each time you use the same input, the hashing algorithm should produce the same output. Different inputs can also produce the same output (a collision), but a good hashing algorithm keeps this to a minimum in practical usage.

    Hashing is commonly used to protect passwords when they are sent through a network. The hash values of the correct passwords are stored in a database. The password that the user enters is hashed before it is sent through the network, so there is no problem even if anybody gets hold of it. On the server side, the hash received through the network is compared with the hash in the database. If both hashes are the same, the password is considered correct.

Encryption

    Unlike hashing, encryption is a reversible process. In other words, you use a key to encrypt data and use the same key or another key to decrypt it back to the original. Use encryption when you need to send data that must be read correctly by another party.

There are two main encryption methodologies.


① Symmetric Cryptography
     In symmetric cryptography the same key is used to encrypt and decrypt data. Before sending data, the key has to be shared between the two parties. However, if a third party gets the key, they can decrypt the data as well, so there is a risk. In a situation where the data is only accessed by you, this method is suitable.
     Another advantage of this method is that it is considerably faster than asymmetric encryption.

② Asymmetric Cryptography
    In asymmetric encryption two keys are used, one for encryption and the other for decryption. You make one key public and it is available to anyone. The other key is kept private with you and should not be revealed to anyone.

This public key - private key mechanism is a little bit tricky. The following example shows a practical case.

  There are two persons, A and B.
  A needs to send a message to B.
  A encrypts the message with B's public key and sends the message to B.
  B receives the message and decrypts it with his own private key. Anybody other than B can't decrypt the message because it can only be decrypted by B's private key.
  Similarly, if B needs to send a message to A, he should encrypt the message with A's public key, so that A can decrypt it with his own private key.

Digital signature, or digital signing, is another use case for the public key - private key mechanism.

Here is an example:
   A needs to send a message to B.
   A encrypts the message with his own private key and sends the message to B along with his (A's) own public key.
   B can decrypt the message with A's public key, so B can be sure that the message was really sent by A (because only A's public key can decrypt the message).
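
The two A and B scenarios above, as an added example that is not part of the original post. It assumes textbook RSA as the asymmetric algorithm (the post names none), uses constructed toy keys with no padding, and signs a SHA-256 hash of the message rather than the message itself, so it shows the mechanism only and is not suitable for protecting real data.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent = inverse of e mod phi
    return (e, n), (d, n)

def encrypt(message: bytes, public_key) -> int:
    """Anyone can do this: only the recipient's PUBLIC key is needed."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the holder of the matching PRIVATE key can do this."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def message_digest(message: bytes) -> int:
    """Hash the message (one-way, fixed size) and read the hash as a number."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """The sender transforms the message hash with their own PRIVATE key."""
    d, n = private_key
    return pow(message_digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone can check the signature with the sender's PUBLIC key."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message)

# Constructed toy keys built from well-known Mersenne primes (illustration only).
A_PUBLIC, A_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    # Confidentiality: A encrypts with B's public key, B decrypts with his private key.
    secret = encrypt(b"meet at noon", B_PUBLIC)
    print(decrypt(secret, B_PRIVATE))
    # Authenticity: A signs with his own private key, B verifies with A's public key.
    note = b"this really is A"
    signature = sign(note, A_PRIVATE)
    print(verify(note, signature, A_PUBLIC), verify(b"tampered", signature, A_PUBLIC))
```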
