Hashing vs. encryption: these terms confuse many newcomers to the IT world. Many people assume that hashing and encryption are similar, but they differ in nature and function. Encryption can be reversed, while hashing cannot. Hashing is a one-way process, whereas encryption is a two-way process: the data is encrypted and later decrypted.
This article goes into detail about hashing and encryption, explaining the differences between them and where each is used.
What is a Hashing Algorithm?
Hashing is the transformation of a string of characters into a value that is usually shorter and fixed in length. Hashing is a good medium for storing passwords, as hashes are intrinsically one-way. Hashing also plays a crucial role in the design and implementation of security systems, where it is used to make sure that transmitted messages or texts have not been tampered with by any threat or malicious activity.
Hashing is also well suited to indexing and retrieving items in a database, because it is faster to locate an item using the shorter hashed key.
In hashing, the sender produces a hash of the message, encrypts it, and sends it along with the message itself. The recipient decrypts the message and the hash, then computes another hash from the received text and compares the two hashes. If they are the same, there is a high probability that the message was transmitted intact.
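The comparison step described above, as an added example that is not part of the original article. Python's standard library has no cipher, so a keyed HMAC-SHA256 tag stands in for "encrypting the hash"; the key and the messages are constructed sample values.

```python
import hashlib
import hmac


def bare_digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can recompute it for any message."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed tag (HMAC-SHA256): only holders of `key` can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def simulate_transfer() -> dict:
    """Send one constructed message and alter it in transit, both ways."""
    key = b"constructed-demo-key-shared-out-of-band"  # sample value
    sent = b"PAY 100 EUR TO ACCOUNT 1111"              # sample message
    altered = b"PAY 900 EUR TO ACCOUNT 2222"           # what arrives

    # Unprotected hash: whoever changed the message can replace the digest
    # as well, so the recipient's comparison still succeeds.
    replaced_digest = bare_digest(altered)
    bare_accepts_altered = bare_digest(altered) == replaced_digest

    # Protected hash: the tag depends on the key, so the tag made for the
    # original message does not match the altered one.
    tag = make_tag(key, sent)
    return {
        "bare_accepts_altered": bare_accepts_altered,
        "keyed_accepts_original": verify_tag(key, sent, tag),
        "keyed_accepts_altered": verify_tag(key, altered, tag),
    }


if __name__ == "__main__":
    for check, result in simulate_transfer().items():
        print(f"{check}: {result}")
```

The first result is why the hash has to be protected with a key before it is sent: a hash on its own only detects accidental changes.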
Types of Hashing Algorithms:
The Message Digest Algorithm version 5, also known as MD5, was specified in 1992 to replace the MD4 algorithm. It transforms information into a 128-bit hash value. It is a very old algorithm and the most used hashing algorithm in the world. It generates a 16-byte hash value that is usually expressed as a 32-digit hexadecimal number.
MD5 has been phased out due to hash collision vulnerabilities. The Flame malware exploited the MD5 algorithm in 2012, and the Software Engineering Institute has deemed MD5 a broken algorithm that is not suitable for further use. Even today, the algorithm is used as a checksum to confirm data integrity against accidental corruption.
SHA-0 is the first algorithm of the SHA family. However, the NSA withdrew SHA-0 after a short period due to a flaw discovered in its design. SHA-1 was introduced to replace SHA-0 and fix the design issue.
SHA-1 (Secure Hash Algorithm) is the second version after SHA-0 and transforms information into a 160-bit hash value known as a message digest. SHA was designed to replace the MD5 algorithm; it was published in FIPS PUB 180-1 and designated as the SHA-1 algorithm by NIST.
SHA-1 can be used in different applications and protocols such as TLS, SSL, S/MIME, IPsec, and SSH. NIST disallowed the use of SHA-1 in digital signatures in 2013.
All browser vendors discontinued the use of SHA-1 SSL certificates in 2017.
SHA-2 is the next version of the SHA algorithm. It comprises six hash functions with four hash value sizes: SHA-224, SHA-256, SHA-384, and SHA-512. SHA-256 and SHA-512 are computed with 32-bit and 64-bit words, respectively. SHA-2 is secure against collision attacks. Each variant is named after the size of its hash value.
SHA-2 is more secure and more popular than the SHA-1 algorithm. It is used in US government applications to secure information.
After 2010, the US government advised using the SHA-2 algorithm instead of the SHA-1 algorithm for its applications.
A cyclic redundancy check (CRC) is a type of code that identifies changes between source data and target data, or any data corruption. Encoding the same data with CRC32 always produces the same hash output, so CRC32 is used as a file integrity checksum. This type of algorithm is rarely used nowadays.
In the CRC32 algorithm, the data verification (checksum) value is redundant data, and the algorithm is based on cyclic codes.
The LANMAN algorithm is used to store passwords, especially on old Windows systems. It is used by Microsoft LAN Manager. LANMAN uses the DES algorithm to generate the hash.
However, this algorithm is not very secure, as it can be exploited by brute-force attacks. The stored password hashes can be cracked easily, and Microsoft has therefore banned its use as the default storage system.
RIPEMD hashing was created in 1992, while its other versions (RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320) were introduced in 1996. RIPEMD-160 is commonly used, as it creates a long hash with enough security for applications.
RIPEMD hashing is not as well known as the SHA variants, but it is still used in Bitcoin and other cryptocurrencies.
The design of RIPEMD was based on the MD4 hash function. Due to weaknesses found in RIPEMD, other variants of this hash were introduced.
The Tiger hashing algorithm was introduced in 1995 and supports 64-bit platforms. Tiger produces a 192-bit hash value.
This algorithm is fast and efficient compared to MD5 and the SHA variants. Tiger v.2 is a newer variant that is more potent than the original Tiger algorithm.
Whirlpool was introduced in 2000 and is freely available to anyone. The designers have not yet copyrighted it. Whirlpool carries a 128-bit hexadecimal string and is based on a modified version of AES (Advanced Encryption Standard).
The variants of this algorithm are Whirlpool-0 and Whirlpool-1, and Whirlpool is the latest version. There is no evidence of any attack having succeeded against the Whirlpool hashing algorithm.
Which Algorithm Creates the Most Secure Hashes?
Each algorithm is used on particular platforms: Bitcoin and other cryptocurrencies use RIPEMD, while SSL certificates, after the deprecation of SHA-1, use the SHA-2 algorithm. SHA-3 was introduced in 2015, but it is not widely accepted by browsers and the CA/B Forum. If a rough survey is made, you will find the SHA-2 algorithm to be reasonably the most secure. Still, SHA-1 is used where the sensitivity of the data is not important.
The issue with hashing algorithms is that they become obsolete quickly as computational capacity gradually increases. CPU speed increases by 60% per year, while RAM latency decreases by 10% every year. This means computers get faster every year, and hashing algorithms advance along with the rise in computer speed.
The table below shows the advancement of hashing algorithms, their vulnerability status, and their authors.
| Hash | Number of bits | Passes | Cracked? | Author | Date launched |
|---|---|---|---|---|---|
| HAVAL | 128 | | No | Yuliang Zheng, Josef Pieprzyk, Jennifer Seberry | 1992 |
| RIPEMD-320 | 320 | | No | Hans Dobbertin, Antoon Bosselaers, Bart Preneel | 1996 |
| Whirlpool | 512 | | No | Paulo Barreto, Vincent Rijmen | 2001 |
When Is a Hashing Algorithm Used?
Hashing is a good medium for storing passwords, as hashes are intrinsically one-way.
When passwords are stored as hashes, it is very difficult for a hacker, or anyone else who has access to the raw data, to reverse them.
When storing a password, hash it with a salt. Later, whenever a user attempts to log in, hash the submitted password and compare the result with the stored hash.
If the two match, then the user entering the password at that moment is almost certainly the right one.
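A sketch of the store-then-compare flow described above, added here as an example and not taken from the original article. It assumes PBKDF2-HMAC-SHA256 as the salted hash, an iteration count of 200,000, and a hypothetical `scheme$iterations$salt$hash` record format; the passwords are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record; a fresh random salt is used per password."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations)
    # Hypothetical record layout: scheme$iterations$salt_hex$hash_hex
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(submitted: str, record: str) -> bool:
    """Hash the submitted password with the stored salt and compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", submitted.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        # Malformed or truncated record: reject instead of raising.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    alice = hash_password("correct horse battery")  # constructed sample
    bob = hash_password("correct horse battery")    # same password
    print("records differ:", alice != bob)
    print("right password:", verify_password("correct horse battery", alice))
    print("wrong password:", verify_password("correct horse", alice))
```

Because each record carries its own salt, two users with the same password get different stored hashes, so one precomputed table cannot be reused across accounts.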
What is Encryption?
Encryption is the process of converting plaintext into ciphertext so that only the intended party can read the information. Encryption works on two keys, such as a public key and a private key. There are two types of encryption: symmetric and asymmetric.
In symmetric key encryption, a single key is used to encrypt and decrypt the data. In asymmetric encryption, one key is used to encrypt the data while the other, private key is used to decrypt it.
How Does Encryption Work?
Encryption is a process that scrambles data into an unreadable format. Once data has passed through the encryption process, a hacker who intercepts it cannot read it. The data remains secure in transit and at rest. The scrambled data is called ciphertext, while unencrypted data is called plaintext. When an authorized person tries to read the data, whether it is stored on a hard drive or in cloud storage or is in transit, the encoded text is changed back to plaintext. You may wonder how the information is decoded. The answer is the private key: a key can decode the data and make it readable as plaintext. An algorithm may use a single key or a pair of keys to encrypt and decrypt the data.
Keep in mind that a private key should be kept secret on the server to protect it from access by a hacker. If an unauthorized person gains access to a private key, they can decrypt the information and misuse it.
Types of Encryption Algorithm:
There are several types of algorithms, such as AES, RSA, Triple DES, asymmetric, symmetric, probabilistic, and deterministic algorithms, in which a public key and a private key are used to encrypt and decrypt the information.
Below we focus on the current types: symmetric and asymmetric algorithms.
Symmetric encryption is a cryptographic algorithm that uses a single key for both encryption and decryption of information. It works with stream ciphers or block ciphers. The key is shared with the involved parties, who can then maintain data privacy. Twofish, AES, Camellia, ChaCha20, Blowfish, Skipjack, and IDEA are a few examples of symmetric algorithms. A user applies the key to encrypt the information and forwards the same key to the other party to decrypt it.
Asymmetric cryptography, or public-key cryptography, works on a key pair in which encryption and decryption use different keys. The public key can be shared without compromising security. A person encrypts a message with the receiver's public key, and it can only be decrypted with the receiver's private key. The dual key makes asymmetric encryption stronger and safer than symmetric encryption. DSA, RSA, ECC, Diffie-Hellman, and PGP are a few examples of asymmetric cryptography.
Historical Encryption Algorithms
Before the arrival of modern algorithms, older types of algorithms were used. Below are a few examples:
Shift Cipher: A shift cipher replaces each letter of the alphabet with the letter at another position. For example,
plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ciphertext: X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
If we replace the letter “A” with “X” and do the same for the other letters, then an encrypted and decrypted message will look like this:
Alice: How are you?
Alice Encrypted Text: ELT XOB VLR?
Bob Responded Text: F XJ CFKB
Now, we decrypt the above reply:
Bob: I am fine.
In this type of cipher, the two parties agree on the letters or numbers used to encrypt and decrypt the message. They shift the letters/numbers by an agreed amount, which creates the decryption/private key.
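The A-to-X shift from the exchange above, written out as an added example that is not part of the original article. The function names are hypothetical, and the code generalizes the article's single mapping to any of the 26 possible shifts.

```python
import string

ALPHABET = string.ascii_uppercase


def shift_text(text: str, shift: int) -> str:
    """Move every letter `shift` places; leave spaces and punctuation alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def key_from_mapping(plain_letter: str, cipher_letter: str) -> int:
    """Derive the shared key from one agreed pair, e.g. A -> X."""
    return (ALPHABET.index(cipher_letter) - ALPHABET.index(plain_letter)) % 26


def encrypt(plaintext: str, key: int) -> str:
    return shift_text(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    return shift_text(ciphertext, -key)


def all_candidates(ciphertext: str) -> dict:
    """Decrypt under every possible key: the whole key space is 26 values."""
    return {key: decrypt(ciphertext, key) for key in range(26)}


if __name__ == "__main__":
    key = key_from_mapping("A", "X")
    print("key:", key)
    print(encrypt("How are you?", key))
    print(decrypt("F XJ CFKB", key))
    print("candidates to read through:", len(all_candidates("F XJ CFKB")))
```

With only 26 keys, every candidate plaintext can be read in a single pass, which is why the shift cipher belongs under historical algorithms.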
Substitution Cipher: A substitution cipher is a method of encryption in which units of plaintext are replaced with ciphertext according to a fixed system. These units can be single letters, pairs of letters, or a mixture of both. The receiver decrypts the message by performing the reverse substitution.
Transposition Cipher: A transposition cipher is a regular system in which units of plaintext are moved around, so that the ciphertext is a permutation of the plaintext. Rail Fence and Route ciphers are examples of the transposition cipher method.
In the above example, the sentence “WE ARE DISCOVERED FLEE AT ONCE” is written in a grid of suitable dimensions. To make it ciphertext, the key specifies a pattern that starts at the top right and runs clockwise, and looks as below.
Polyalphabetic Cipher: A polyalphabetic cipher is a substitution-based cipher that uses multiple substitution alphabets. The Vigenère cipher is an ideal example of a polyalphabetic cipher. A single plaintext character can map to many different ciphertext characters: plaintext letters at different positions are enciphered with different ciphertext alphabets.
Nomenclator Cipher: Nomenclator means a list of words/names. A nomenclator uses a combination of codes and ciphers. This cipher system was popular from about 1400 to 1850. It replaces text with symbols to produce specific decipher codes.
A Few Other Encryption Algorithms:
AES: AES (Advanced Encryption Standard) was developed as an alternative to the DES algorithm. NIST approved the AES algorithm in 2001. It has different key sizes and block sizes. It has two base functions: substitution and permutation.
In AES, plaintext is divided into blocks, and encryption is applied to them with the encryption key. It includes steps such as SubBytes, ShiftRows, and round keys. AES is faster than the DES algorithm, and its multiple key length options make it hard to crack.
PGP: PGP is another widely used encryption algorithm, and it is well liked as a public-key encryption algorithm.
DES: DES (Data Encryption Standard) is a symmetric encryption method that was developed by IBM in 1976 and adopted by federal agencies in 1977 for the protection of sensitive and unclassified government data. The DES algorithm, which uses a 56-bit key, was included in TLS 1.0 and 1.1. It divides each 64-bit block into two 32-bit blocks and applies the encryption process to each block separately.
The encryption process in DES involves permutation, substitution, XOR operations, and expansion.
3DES: 3DES, also known as the Triple Data Encryption Algorithm, is an upgraded version of the DES algorithm. 3DES came into practice in 1990. It became a part of TLS, SSH, IPsec, and OpenVPN. The algorithm applies encryption three times to each block, which makes it harder to break than the DES algorithm.
Following the discovery of the Sweet32 vulnerability, NIST superseded this algorithm in 2019. TLS 1.3 has also deprecated the use of 3DES.
ECC: ECC (Elliptic Curve Cryptography) is a data encryption technique that encrypts and decrypts data using a public key and a private key. ECC is an alternative to RSA cryptography. As key sizes grew, ECC came into focus, as it has a smaller key size with enhanced security performance.
ECC works with public-key cryptographic systems and generates keys that are difficult for hackers to crack. ECC is based on the equation y² = x³ + ax + b. ECC has smaller key sizes, such as 160, 224, 256, 384, and 521 bits.
RSA: RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem used to secure data in transit between the client and the server. It is a slow algorithm compared to ECC; hence, it is mostly used together with a symmetric algorithm to transfer shared keys. RSA uses a public key and a private key for encryption and decryption. Due to vulnerabilities found, RSA seems a weak algorithm. RSA is also very slow when encrypting and decrypting a large volume of information.
Purpose of Encryption:
Encryption is a two-way process: encryption and decryption. It is used to secure cloud data or data transmitted between a client machine and the intended server. With cybercrime rising day by day, it is necessary to take care of customers’ data. The key elements that encryption establishes are discussed below.
Data Confidentiality: Encryption makes data unreadable by converting it into gibberish. Hackers cannot sniff the data in transit, which means the data remains confidential and can be decrypted only by those who have the private key.
Data Integrity: A digital signature is added to ensure data integrity, meaning that data travelling between the user and the server has not been altered. Data integrity assures customers that their information is safe.
Data Authentication: Encryption makes data authentication possible, as the sender of a message is verified. A public key encodes the data, while a private key decodes it. The certificate authority that issues a certificate authenticates the signature and the keys.
Difference Between Hashing and Encryption
Before looking at the differences between hashing and encryption, let us briefly recap each.
Encryption: Encryption is the process of converting plaintext into an encoded message in an unreadable format. An encrypted message can be decrypted with a key. Modern encryption works on a public key and a private key for encryption and decryption.
Hashing: Hashing converts plaintext into a hash key using a hash function. The hash keys reside in a database and are compared to check whether the original information matches. Hashing is used to store login passwords.
| Encryption | Hashing |
|---|---|
| Encryption is used to encrypt the information, and only the intended receiver can decrypt it. | Hashing is used to create a key that represents the original information. |
| Encryption transforms the data into an encoded format and keeps it secret from prying eyes. | Hashing retrieves data from the database and indexes it. |
| The original information can be fetched again. | The original information cannot be recovered. |
| Encryption is less secure than hashing. | Hashing is more secure than encryption. |
| Encryption always creates a new key for each piece of data. | Hashing sometimes creates the same key for new information. |
| RSA, AES, and Blowfish are examples of encryption. | MD5 and SHA-256 are a few examples of hashing functions. |
| The size of the encrypted information grows as the information grows. | The size of the hashed information remains the same even when the length of the information increases. |
| Encryption is a two-way function (encryption and decryption). | Hashing is a one-way function that changes information into an irretrievable digest. |
Many of you may have been confused about the terms encryption and hashing; hopefully this article has cleared that up.
Data encryption and hashing are both useful in achieving the goals of cryptography.
The two are alike in some ways, yet they differ. When it comes to information integrity, hashing stands alone. Data confidentiality, on the other hand, is achieved with encryption.