UnicMinds

Encryption vs. Hashing vs. Salting vs. Checksum

Encryption 

Encryption converts data into an unreadable format, ensuring only those with the appropriate decryption key can access it. It’s crucial for securing data during transfer (e.g., over the internet) and storage (e.g., on servers). Without the decryption key, encrypted data remains inaccessible, protecting sensitive information.

Symmetric Encryption:

  • Uses the same key for both encryption and decryption
  • Faster and more efficient for large data transfers
  • Requires secure sharing of the key between trusted parties
  • Used for securing communication over VPNs, encrypting files, or protecting databases
  • Popular algorithms: AES, DES, Triple DES (3DES), and Blowfish

Asymmetric Encryption:

  • Utilizes two keys—a public key (to encrypt data) and a private key (to decrypt data)
  • More secure as it eliminates the need to share secret keys
  • Well-suited for smaller data exchanges and digital signatures, offering authentication alongside encryption
  • Common algorithms include RSA, ECC, and Digital Signature Algorithm (DSA)

Block and Stream Ciphers:

  • Block Ciphers (e.g., AES): Encrypt data in fixed blocks, making it highly secure for stored data or HTTPS communications.
  • Stream Ciphers (e.g., RC4): Encrypt data bit by bit, suitable for real-time data like live video or secure messaging.

Hashing

Hashing is a one-way process that converts input data into a fixed-length string (hash). It’s commonly used to verify data integrity, detect tampering, and securely store passwords. Unlike encryption, hashes cannot be reversed to reveal the original data.

  • MD5: Fast but outdated due to weaknesses against collision attacks (different inputs producing the same hash). 
  • SHA-1: Produces 160-bit hashes; however, it’s deprecated due to security vulnerabilities. 
  • SHA-256 (part of SHA-2): A more secure and widely-used algorithm ideal for blockchain, SSL certificates, and data storage.
  • SHA-3: Delivers enhanced security based on the Keccak algorithm, offering a robust choice for IoT and post-quantum encryption systems.
  • Bcrypt: Includes built-in salting and adapts to computational advances, making it a go-to choice for password storage.
  • Argon: Winner of the Password Hashing Competition; offers advanced customization and resistance to cracking attempts.

How is Hashing different from Checksum?

Hashing and checksums do have some similarities. A checksum is computed over all the bits of the data being transferred, so that the receiver can confirm the original data was not corrupted unintentionally. A checksum derives a short piece of data from a longer one.

A checksum is not designed to be one-way: with some motivation, a person who intends to can reverse it. Hashing, on the other hand, is designed to be computationally difficult to reverse. Hashing is primarily designed to create a unique digital thumbprint of the data and is mainly used in password security. A checksum is designed only to verify the integrity of data during transmission, to ensure there is no transmission error.

The problem with checksums is that they are built from XORing the 1s and 0s, counting the number of 1s and 0s, or similar techniques. If you flip two bits, one from 0 to 1 and another from 1 to 0, the checksum stays the same. The point is that it is nearly always possible to modify the data and keep the checksum the same. Checksums also have a high chance of collision. So, if you want to avoid collisions, hashes are your best bet, even though hashes have collisions too.
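The two-bit case described above can be checked directly. The following is an added example, not part of the original article: the function names, the sample message, and the choice of an 8-bit XOR checksum and an 8-bit additive checksum are assumptions made for illustration.

```python
import hashlib
from functools import reduce

def xor_checksum(data: bytes) -> int:
    """XOR of every byte (8-bit longitudinal parity)."""
    return reduce(lambda acc, b: acc ^ b, data, 0)

def sum_checksum(data: bytes) -> int:
    """Sum of every byte, modulo 256."""
    return sum(data) % 256

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

def paired_flip(data: bytes, i: int, j: int, bit: int) -> bytes:
    """Flip the same bit position in bytes i and j: one 0->1, the other 1->0."""
    if (data[i] >> bit) & 1 == (data[j] >> bit) & 1:
        raise ValueError("the two bits must differ for the changes to cancel")
    return flip_bit(flip_bit(data, i, bit), j, bit)

def detects_change(original: bytes, modified: bytes) -> dict:
    """Report, per function, whether the modification changes its output."""
    return {
        "xor": xor_checksum(original) != xor_checksum(modified),
        "sum": sum_checksum(original) != sum_checksum(modified),
        "sha256": hashlib.sha256(original).digest()
                  != hashlib.sha256(modified).digest(),
    }

# Constructed sample record; bytes 5 and 6 are the digits '1' and '0'.
ORIGINAL = b"PAY 0100 TO ALICE"
ONE_FLIP = flip_bit(ORIGINAL, 5, 0)         # a single transmission error
TWO_FLIPS = paired_flip(ORIGINAL, 5, 6, 0)  # two changes that cancel out

if __name__ == "__main__":
    print(ONE_FLIP, detects_change(ORIGINAL, ONE_FLIP))
    print(TWO_FLIPS, detects_change(ORIGINAL, TWO_FLIPS))
```

A single flipped bit is caught by all three functions, which is the accidental-error case checksums are built for. The paired flip changes the amount in the message yet leaves both checksums unchanged, and only the SHA-256 digest differs.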

Salting the Hash 

Salting is a technique of adding a random string of letters and numbers (called a salt) to the password itself. This random string should be stored in a separate database and retrieved and added to the password before it’s hashed. By salting the hash, one can ensure that users with the same password have different hashes, making it difficult for hackers to use precomputed tables (for example, rainbow tables) to crack the hashes.

Can Encrypted Data be Hashed?

Yes, encrypted data can be hashed. But why would that be required? It is done to check whether the encrypted data has been corrupted or changed in any way. However, encrypted data is not often hashed, because encryption itself offers strong data protection.

Hope this is useful, thank you.
