Hashing vs. Encryption vs. Encoding vs. Obfuscation
What We’ll Be Learning
There are lots of ways to secure or hide data in an application, and it’s an important part of cybersecurity. In fact, Sensitive Data Exposure is on OWASP’s list of the top ten most critical security risks to web applications. How can we protect information in an application?
In this article we’ll cover:
- Encryption
- Hashing
- Encoding
- Obfuscation
Encryption
Cryptography is the science of hiding data and making it available again. In cryptography, hiding data is called encryption and unhiding it is called decryption. When data is securely exchanged, it is first encrypted by the sender, and then decrypted by the receiver using a special key.
There are two main types of encryption: symmetric and asymmetric.
- Symmetric encryption uses the same key to both encrypt and decrypt data.
- Asymmetric encryption uses two different keys to encrypt and decrypt data.
Symmetric Encryption
Symmetric encryption is the fastest way to encrypt data and the most common for sending large chunks of data. However, it has one major vulnerability: if you send someone your key, then it's in a form that any other person can read. That means anyone who obtains the key in transit can decrypt your data, so your data is vulnerable to being stolen.
Asymmetric Encryption
Asymmetric encryption differs from symmetric encryption in one way: Instead of one key, you have a key pair. A key pair is made up of a public key and a private key.
- The public key can be given to anyone and is only used to encrypt data.
- The private key is kept secret and is only used to decrypt data.
What’s the use of having two keys? Having two keys means you are the only person who ever has access to the private key used to decrypt data, so someone who intercepts your messages cannot read them.
For example, if you want to receive an encrypted message from someone, you would first generate a key pair and give them the public key. Then, they would write a message and encrypt it using the public key you gave them. Finally, they would send you the message and you would decrypt it with your private key.
Asymmetric encryption is the most secure way to transmit data; however, it is slower and more complex than symmetric encryption. Therefore, it is primarily used to exchange smaller pieces of data.
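An added example (not from the original article) that goes one step beyond the text by combining both types: the large message is encrypted with a fresh symmetric key, and only that small key is encrypted with the receiver's public key, so the symmetric key never travels in readable form. It uses Node.js's built-in crypto module; the function names, the AES-256-GCM and RSA-OAEP choices, and the sample message are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// RSA-OAEP settings used by both sides (an illustrative choice, not from the article).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Receiver: generate a key pair. The public key is given out; the private key is kept secret.
function generateReceiverKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: needs only the receiver's public key.
function sealMessage(publicKey, plaintext) {
  const aesKey = nodeCrypto.randomBytes(32); // fresh symmetric key for this message
  const iv = nodeCrypto.randomBytes(12);     // 96-bit nonce for AES-GCM
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  // Symmetric encryption handles the bulk data.
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    // Asymmetric encryption handles only the small symmetric key.
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey),
    iv,
    tag: cipher.getAuthTag(), // lets the receiver detect tampering
    ciphertext,
  };
}

// Receiver: recover the symmetric key with the private key, then decrypt the message.
function openMessage(privateKey, sealed) {
  const aesKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample input.
const receiver = generateReceiverKeys();
const sealed = sealMessage(receiver.publicKey, 'Constructed sample message: meet at noon.');
console.log('wrapped key bytes:', sealed.wrappedKey.length);
console.log('decrypted:', openMessage(receiver.privateKey, sealed));
```

Everything in the object returned by `sealMessage` can be sent over an untrusted channel; only the holder of the private key can recover the symmetric key and read the message.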
Author
'The Codecademy Team, composed of experienced educators and tech experts, is dedicated to making tech skills accessible to all. We empower learners worldwide with expert-reviewed content that develops and enhances the technical skills needed to advance and succeed in their careers.'