DAY 11/30

(Part of my 30-Day SOC Analyst Learning Challenge)

ENCRYPTION VS HASHING
EXPLAINED

BY HARSH KADU
Encryption

Encryption is a two-way cryptographic process that transforms readable data (plaintext)

into an unreadable format (ciphertext) using an algorithm and an encryption key. This
transformation ensures data confidentiality by preventing unauthorized access. The data
can later be decrypted back to its original form using a key, ensuring that only authorized
parties can access the original content.

Key Points:

• Reversible: The process can be reversed through decryption, making it a two-way

operation.

• Requires Key(s):

o Symmetric Encryption: Uses a single key for both encryption and decryption.
It is fast but requires a secure method of key exchange (e.g., AES).

o Asymmetric Encryption: Uses a pair of keys—a public key for encryption and
a private key for decryption. This is more secure for key exchange but slower
than symmetric encryption (e.g., RSA, ECC).

• Used for Data Confidentiality:

o Ensures that sensitive information (e.g., personal data, financial details) is

kept private during storage or transmission.

o Commonly used in secure communication protocols (e.g., HTTPS, TLS/SSL)

and encrypted storage (e.g., disk encryption).

• Examples:

o AES (Advanced Encryption Standard) for symmetric encryption.

o RSA for asymmetric encryption.

BY HARSH KADU
 o TLS/SSL for securing web traffic.

Encryption in Practice:

• Data in Transit: When data is transmitted over the internet, encryption (e.g., HTTPS)
ensures that sensitive data like passwords, credit card numbers, and personal
information cannot be intercepted by unauthorized parties.

• Data at Rest: When sensitive data is stored on devices (e.g., encrypted hard drives),
it prevents unauthorized access to the data even if the physical device is
compromised.

• Digital Signatures: Asymmetric encryption also enables digital signatures, which

verify the authenticity of messages or documents, ensuring that the data hasn’t
been tampered with during transmission.

Hashing

Hashing is a one-way cryptographic function that transforms data (of any size) into a fixed-
length string (hash value) that uniquely represents the original data. Hashing is irreversible,
meaning that once data is hashed, it cannot be converted back to its original form. It is
primarily used to ensure data integrity by detecting changes or tampering.

Key Points:

• Irreversible: Hashing does not allow the original data to be recovered from the hash
value. This makes it unsuitable for storing data that needs to be decrypted later (like
passwords).

• Used for Data Integrity: Hashing helps in verifying whether data has been altered or
tampered with, making it useful in detecting unauthorized changes.

• Common Applications:

o Password Storage: Instead of storing plaintext passwords, systems store

hashed versions of passwords. When a user logs in, the system hashes the

BY HARSH KADU
 entered password and compares it with the stored hash. Common hashing
algorithms include SHA-256, bcrypt, and PBKDF2.

o File Integrity Checks: Hashes are used to check the integrity of files. If a file's
hash value changes, it indicates that the file has been altered (e.g., malware
infection or data corruption).

o Digital Signatures: Hashing is often used to generate a fixed-size hash of data

(e.g., a message or document) which is then encrypted with a private key to
create a digital signature.

• Common Hashing Algorithms:

o MD5 (though now considered weak and obsolete for cryptographic

purposes).

o SHA-1 (no longer secure for most purposes).

o SHA-256: Part of the SHA-2 family, widely used for data integrity and
blockchain.

o bcrypt and PBKDF2: Specifically designed for secure password storage.

Hashing in Practice:

• Password Hashing: When users set a password, the system hashes the password and
stores the hash. During login, the entered password is hashed again and compared
with the stored hash. This ensures the system never stores the plaintext password.

• Data Integrity: If you download a file from the internet, the website often provides a
hash value (checksum) for the file. After downloading, you can hash the file and
compare the result to the provided hash to verify the file's integrity and ensure it
hasn't been tampered with during download.

• Blockchain: In blockchain technology, transactions are hashed to form a chain of

blocks, ensuring that once data is recorded, it cannot be altered without changing all
subsequent blocks (providing immutability).

BY HARSH KADU
Key Differences Between Encryption and Hashing:

Feature Encryption Hashing

Process
Two-way (reversible) One-way (irreversible)
Type

Data integrity (detecting changes or

Purpose Data confidentiality (protecting data)
tampering)

Requires key(s) (symmetric or

Key Usage No keys required
asymmetric)

Variable (depends on algorithm and

Output Size Fixed (e.g., 256-bit for SHA-256)
input size)

Secure communications, encrypted Password storage, file integrity,

Use Cases
storage, etc. digital signatures

Irreversible (cannot retrieve original

Reversibility Reversible (decryption with key)
data)

By understanding these concepts in-depth, you can apply the correct cryptographic method
depending on whether your goal is to protect data confidentiality (encryption) or ensure
data integrity (hashing).

BY HARSH KADU
Stay tuned for my next…

BY HARSH KADU