In a job interview years ago, the interviewer asked me to explain the difference between encryption, encoding, and hashing. At the time I was working for a company that specialized in encryption, so I took knowing the difference for granted. It wasn’t until much later that I understood how easily most folks confuse the three topics for one another.
Encoding
Taking data in one format and converting it to another
- There are no secrets involved
- The specifications for each format are public, well-documented, and easily implemented everywhere
- There is nothing special or magic about encoding; it’s merely a way to interpret and present the underlying, raw data
Remembering the difference
- Encoding: a way of translating between different formats
- Hashing: converting from one recognizable thing to something uniform and simple
- Encryption: protecting data behind a secret
- Hashing is like grinding a cow into a hamburger
- You can always make the same hamburger, but you can’t put the cow back together again
Encryption
Requires a secret (a key, password, or passphrase) that is used to convert usable data into something indistinguishable from random noise
- You can only decrypt it if you have the original secret
- Unlike encoding, an encrypted message is entirely useless if you know only the algorithm and not the secret
Hashing
Hashes look somewhat like encrypted messages
- Algorithms take a piece of plain text and convert it (with or without a key) into something indistinguishable from random noise
- Unlike encryption, there is no way back from a hash
- Hashes are one-way, and there’s no way to un-hash them
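The three operations side by side, as an added example that is not part of the original post. The function names are made up for illustration, and a one-time pad stands in for a production cipher such as AES because Python's standard library does not ship one.

```python
import base64
import hashlib
import hmac
import secrets


def encode(data: bytes) -> bytes:
    """Encoding: a public format change (Base64 here), no secret involved."""
    return base64.b64encode(data)


def decode(text: bytes) -> bytes:
    """Anyone who knows the format can reverse an encoding."""
    return base64.b64decode(text)


def digest(data: bytes) -> str:
    """Hashing without a key: same input, same fixed-size output, no way back."""
    return hashlib.sha256(data).hexdigest()


def keyed_digest(key: bytes, data: bytes) -> str:
    """Hashing with a key (HMAC-SHA-256): still one-way, but key-dependent."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: XOR with a random key as long as the message, used once."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match the message length")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption needs the same secret key."""
    return encrypt(key, ciphertext)


if __name__ == "__main__":
    message = b"meet at the usual place"      # constructed sample input
    key = secrets.token_bytes(len(message))   # the secret
    print("encoded  :", encode(message), "->", decode(encode(message)))
    print("hashed   :", digest(message))
    print("keyed    :", keyed_digest(key, message))
    ciphertext = encrypt(key, message)
    print("encrypted:", ciphertext.hex(), "->", decrypt(key, ciphertext))
    wrong_key = secrets.token_bytes(len(message))
    print("wrong key:", decrypt(wrong_key, ciphertext))
```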