What are the differences between encryption, salting and hashing?
These security techniques have different applications but work together to get higher levels of data protection.
There are many techniques for data protection; encryption, salting, and hashing work together with their particularities to help protect data, but they're not the same. Instead, each has specific characteristics that make them perfect for working together whilst achieving different goals.
Encryption, for example, is the encoding of data so that the "readable" file is only accessible by those who have a specific key. This protects data even if there are leaks. Hashing involves calculations that can't be reversed, with unique properties that make them perfect for authentication. Finally, salting adds a special seasoning, if we may say so, to your data before it is hashed to help keep it safe during storage.
What is encryption?
In simple terms, encryption means converting data from one form (usually the understandable form) to another (incomprehensible) using an encryption key. It is done to scramble and hide information and protect it from those who don't hold the decryption key.
If any malicious user intercepts the data in its encrypted form, it will be incomprehensible. So, encryption ensures data confidentiality, and it is regularly used in web applications that use SSL, for example, but for many other processes of securing data. It can be especially useful for making sure that sensible information cannot be "read" by third-parties.
Encryption is a two-way process and can be asymmetric or symmetric. Different encryption algorithms are used to scramble the data, such as AES, the most commonly used symmetric block cipher.
What is hashing?
Hashing is the process of converting data to a fixed length called a "hash value". Different from encryption, it is a one-way process. While with encryption, data is converted with the plan to decrypt it eventually, hashing is a one-way function - it will not be dehashed. This makes it the perfect tool for authentication.
Hashing also protects data, but not in the way encryption does. Since every hash value is unique, two different files cannot produce the same hash value, and it cannot be dehashed, this technique is perfect for verifying that a piece of data hasn't been altered. Hashing, therefore, is commonly used to detect errors in a process called check-sum.
Some types of hashing are used, like MD5, SHA1, and SHA256, for example, referring to the fixed-length output.
What is salting?
In simple terms, salting is adding random data when converting it using hashing. This is where everything comes together.
By salting data, usually a password, a new layer of security to the upcoming hashing process is added, mainly to prevent a botnet from attempting every possible combination until a password is found.
So, for example, if your password is 1234 (which, if you have been reading our blog, it shouldn't be), your salt could be the word SALT. Before the hashing process, you do the salting process, creating 1234SALT. This will change the hash value created later, as the data is now different.
When you salt the password, you basically hide the real hash value, further protecting it.
All three processes serve different purposes, but all work together to protect your data in a world where cybersecurity is one of the most significant issues for companies, governments, and individuals.