โ† Security Fundamentals

Hashing and Encryption

~260 words ยท 2 min read

Hashing vs encryption

People confuse these, but they're fundamentally different:

  • Hashing โ€” one-way. Input goes in, a fixed-size digest comes out, and you can't reverse it.
  • Encryption โ€” two-way. Encrypt with a key, decrypt with a key to get the original back.

Hash functions

A hash function takes any input and produces a fixed-length fingerprint:

SHA-256("hello")   = 2cf24dba5fb0a30e...
SHA-256("hello!")  = 83fcb6d6...   (tiny input change -> totally different output)
SHA-256("hello")   = 2cf24dba5fb0a30e...   (same input -> same output, always)

Key properties of a cryptographic hash:

  • Deterministic โ€” same input always gives the same hash.
  • One-way โ€” you can't recover the input from the hash.
  • Avalanche โ€” a one-bit change flips roughly half the output bits.
  • Collision-resistant โ€” hard to find two inputs with the same hash.
Passwords should be hashed, never encrypted. If you could decrypt them, so could an attacker who steals the key.

Why salt?

A salt is a random value added to a password before hashing. Without it, identical passwords produce identical hashes โ€” and attackers precompute giant "rainbow tables" of common passwords. A unique salt per user defeats those tables.

Symmetric vs asymmetric encryption

  • Symmetric (AES) โ€” one key for both encrypt and decrypt. Fast, best for bulk data.
  • Asymmetric (RSA, ECC) โ€” public/private key pair. Slower, but solves key exchange and signatures.