If you are a programmer, you must have come across these terms. Especially when coding to make something secure from a data breach. But what do each of these terms mean and how they are different from each other. Let us dig deep to find out.

What is Encryption?

Encryption is the practice of reordering or modifying intended information in a way that can only be restructured to the original content with a particular key.

Encryption is a two-way function which means it must have a one to one mapping. When you encrypt something, you're doing so to decrypt it later. Every message should have a unique encrypted counterpart that can be decrypted to get the original data without ambiguity.

The algorithm or function that is used to encrypt data is called a cypher.

Different cyphers encrypt data in different ways. We will be learning about cyphers in detail later. But most cypher functions take two arguments the intended message and the key, to produce an encrypted message which is difficult to decrypt without the key.

What is Hashing?

Hashing refers to mapping data of any size to a fixed length called a hash value. Unlike encryption, which is a two-way function, hashing is a one-way function. While it's technically possible to reverse-hash a hash value, the computing power required makes it unfeasible.

Encryption is mainly used to protect data in transit over the internet, whereas hashing is mainly used to verify that a file or piece of data is not altered.

Hashing is also used while saving passwords to ensure that other portals having the same password do not get compromised if a data breach occurs. In other words, if you are using the same password as your bank for your finocontrol account. Even if finocontrol servers get compromised the attacker won't be able to log in to your net banking portal easily.

Even database administrators can not find out the password you are using.

What is salting?

Salting is an additional step performed while hashing a password. It is a unique value that is added to the end of the password to create a different hash value. Doing this prevents hackers from getting the correct hash using the brute force attacks.

Hackers often try every possible password from an available password store which contains English words, number combinations such as 12345 and so on as well previously compromised passwords of other users until they get the right hash. This type of attack is called a dictionary attack.

By salting, we add a random yet unique string to the end of the password, making it impossible to crack using brute force attacks.

For example, let us say the password I want to use is ABCD4321 we add salt - mySecretSalt to the end of the password giving me a new password - ABCD4321mySecretSalt to perform hashing. This new password is difficult to come by using brute force.

Stay tuned to finocontrol for more exciting content.

credits

knowledgebooster