Security 101: What is Encryption?

While doing some security reading for my internship last week, I saw hashing and encryption mentioned quite a bit, and had originally thought the two terms interchangeable, believing that a hash was the result of an encryption. I was wrong though, and needed to find the difference. Luckily, Eric pushed me in the direction of a good analogy, which you can find on the ever-trusty StackOverflow.

The post explains encryption thusly (we’ll get to hashing next week):

Encryption

This can be thought of like a safety deposit box, in that the process is symmetrical. If you had the correct key to a deposit box, you could safely secure or access your goods at any time. In the same way, with the encryption key and the encrypted output, you would be able to get back to the contents of an encrypted file.

Encryption is used in the event that you want to get back to the input at some point, but want only a certain group of individuals to have access to that input. For example, a worker might want to share a private document with a colleague. The worker would encrypt the document before sending it so that the contents could not be leaked if the document was intercepted.
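The safety-deposit-box behaviour described above, as an added example (not code from the original post or the StackOverflow answer it cites). It is a standard-library-only teaching sketch: an HMAC-SHA256 keystream with an integrity tag stands in for a vetted cipher such as AES-GCM, and the key, document text and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and integrity keys from the one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in stream cipher for this sketch."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(subkey(key, b"enc"), block_input, hashlib.sha256).digest()
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Lock the box: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)  # fresh per message, so outputs never repeat
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Open the box: returns the original input, or raises ValueError."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def demo():
    """Worker encrypts, colleague decrypts, interceptor without the key fails."""
    shared_key = secrets.token_bytes(32)      # held by worker and colleague only
    document = b"Q3 salary review - private"  # constructed sample document
    blob = encrypt(shared_key, document)      # what travels over the wire
    recovered = decrypt(shared_key, blob)     # colleague gets the input back
    try:
        decrypt(secrets.token_bytes(32), blob)  # interceptor guesses a key
        interceptor_read_it = True
    except ValueError:
        interceptor_read_it = False
    return recovered == document, interceptor_read_it

if __name__ == "__main__":
    print(demo())  # → (True, False)
```

Anyone who holds `shared_key` can run `decrypt` and get the original input back, which is exactly the symmetry the analogy describes.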

Sounds great, right? Surely this would be the perfect way to protect people’s passwords! But the very benefit of encryption – the symmetry of it – is also its downfall when it comes to password storage! Come back next week and I’ll explain the mysterious cousin of encryption known as “hashing”.

———————————————————————————-

This post forms one part of our Security series. You can find links to the other editions here:

Security 101: What is Encryption?
Security 102: What is Hashing?
Security Interlude: The real-world difference between Hashing and Encryption
Security 103: Rainbow Tables
Security 104: Improper Password Storage
Security 105: Seasonings (or Salts and Peppers)
Security 106: The Importance of Key Stretching
Security 107: The Hashing Algorithm, and why Bcrypt is your best friend
Security 108: The Other Stuff

———————————————————————————-