Encrypting vs Hashing

You’ll hear a lot about encryption and hashing when talking about internet security. People sometimes use these terms interchangeably, but that is incorrect.

Hashing and encryption are two different processes.

Let’s start with encryption. Encryption is a two-way process — if you have a ‘key,’ you can decrypt an encrypted message. The algorithm that does the encrypting, of course, can be stronger (more complex) or weaker (easier to ‘break’).

Encryption is used to protect data in transit.

Hashing, on the other hand, uses an algorithm to authenticate that data has not been altered. It’s an authentication tool.

This authentication capability is based on the fact that hashing takes data of any size and produces hashes that are all the same size, say a string of 64 characters. The most important thing is that each hash, each 64-character string, is for practical purposes unique: with a sound hashing algorithm, two different pieces of data, no matter how similar, will not in practice produce the same hash.

So, if your hash matches someone else’s stored hash, you know that your data matches their data. It’s authenticated.
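The properties described above can be checked directly. The following is an added example, not part of the original article; it assumes SHA-256 as the hashing algorithm (the article names none, but SHA-256 written in hexadecimal is exactly 64 characters), and the messages and helper names are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 hash of data as 64 hexadecimal characters."""
    return hashlib.sha256(data).hexdigest()


def sha256_hex_stream(chunks) -> str:
    """Hash data supplied in pieces, e.g. a large file read block by block."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def matches_stored(data: bytes, stored_hex: str) -> bool:
    """Check data against a stored hash, using a constant-time comparison."""
    return hmac.compare_digest(sha256_hex(data), stored_hex.strip().lower())


def differing_bits(a_hex: str, b_hex: str) -> int:
    """Count how many of the 256 bits differ between two hex hashes."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


# Constructed sample data: two messages that differ by a single character.
ORIGINAL = b"Pay Alice 100 dollars"
TAMPERED = b"Pay Alice 900 dollars"
STORED = sha256_hex(ORIGINAL)  # the hash someone else has stored

if __name__ == "__main__":
    # Data of any size produces a hash of the same size.
    for sample in (b"", ORIGINAL, b"x" * 1_000_000):
        print(len(sample), "bytes ->", len(sha256_hex(sample)), "hex characters")
    # A matching hash means matching data; a one-character change does not match.
    print("original matches stored:", matches_stored(ORIGINAL, STORED))
    print("tampered matches stored:", matches_stored(TAMPERED, STORED))
    print("bits changed:", differing_bits(STORED, sha256_hex(TAMPERED)), "of 256")
```
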