Hashing and Encryption
~260 words ยท 2 min read
Hashing vs encryption
People confuse these, but they're fundamentally different:
- Hashing โ one-way. Input goes in, a fixed-size digest comes out, and you can't reverse it.
- Encryption โ two-way. Encrypt with a key, decrypt with a key to get the original back.
Hash functions
A hash function takes any input and produces a fixed-length fingerprint:
SHA-256("hello") = 2cf24dba5fb0a30e...
SHA-256("hello!") = 83fcb6d6... (tiny input change -> totally different output)
SHA-256("hello") = 2cf24dba5fb0a30e... (same input -> same output, always)
Key properties of a cryptographic hash:
- Deterministic โ same input always gives the same hash.
- One-way โ you can't recover the input from the hash.
- Avalanche โ a one-bit change flips roughly half the output bits.
- Collision-resistant โ hard to find two inputs with the same hash.
Passwords should be hashed, never encrypted. If you could decrypt them, so could an attacker who steals the key.
Why salt?
A salt is a random value added to a password before hashing. Without it, identical passwords produce identical hashes โ and attackers precompute giant "rainbow tables" of common passwords. A unique salt per user defeats those tables.
Symmetric vs asymmetric encryption
- Symmetric (AES) โ one key for both encrypt and decrypt. Fast, best for bulk data.
- Asymmetric (RSA, ECC) โ public/private key pair. Slower, but solves key exchange and signatures.