Encryption and hashing are two commonly used words you’ll come across in data protection, but they can be confusing to non-techies.
So here’s our guide to what both of these terms actually mean.
What is Encryption?
Encryption means simply scrambling data into an unreadable format. It does this using an encryption algorithm.
The original data (the input) is called plaintext, and the scrambled data created by the encryption algorithm is called the ciphertext (the output).
A key can then be used to reverse the encryption process – this will convert the ciphertext back into plaintext.
Here’s a graphic showing this:
Confused? Here’s an example.
Encryption is like a secret code that only you and your friend know.
Imagine that you and your friend have a secret message that you want to send to each other, but you don’t want anyone else to be able to read it. So, you come up with a secret code that only the two of you know.
First, you write your secret message on a piece of paper. Then, you use your secret code to scramble the letters and numbers into a jumbled mess that looks like gibberish to anyone who doesn’t know the secret code. This jumbled mess is like ciphertext in encryption – it’s unreadable to anyone who doesn’t have the key to unlock it!
Next, you send the scrambled message to your friend, who uses the same secret code to unscramble the message and turn it back into readable text. This is like using the encryption key to decrypt the ciphertext and turn it back into readable data.
Now, even if someone else reads your message, they won’t be able to read it because it’s in a secret code that only you and your friend understand.
So, what’s hashing then?
Hashing is a one-way process that converts data into a scrambled code that cannot be decrypted.
I will say that again for emphasis: it cannot be decrypted.
We’ll cover this in more detail later on, but the encrypted data after hashing has been done, is often used for password storage and validation, as it provides an extra layer of security against unauthorized access.
And since hashing is a one-way process as it cannot be decrypted, it cannot be reversed back to the original input data.
And what’s salting?
Now that you hopefully understand what encryption and hashing are respectively, let’s go one step further. To make hashing even more secure, a technique called salting is often used. Salting involves adding a random sequence of characters to the original input data before hashing it. This ensures that even if an attacker obtains the hashed data, it would be difficult to crack the password without knowing the salt value used. Think of it as a bit like double password.
How do VPNs use encryption?
For this one, it’s probably best if I use an easy-to-understand example:
- A VPN uses encryption to scramble your online data into a format that’s unreadable to prying eyes. That way, your internet service provider, government agencies, or any other third parties won’t be able to see what you’re doing online.
- VPNs typically use military-grade encryption like what’s called Advanced Encryption Standard (AES) 256-bit to ensure maximum security. This is like putting your message in a lockbox with a combination lock that has a BILLION BILLION possible codes.
- Your data is encrypted when it leaves your device and travels through the VPN tunnel to the VPN server. Once it reaches the server, it’s decrypted and sent to its destination.
- This process happens in reverse when data is sent back to your device from the internet. It’s encrypted on the VPN server, travels through the VPN tunnel back to your device, and then gets decrypted so you can see it.
- In other words, both sending and receiving data over a VPN is encrypted.
- Some VPNs even use a flashy feature called “perfect forward secrecy” – which changes teh encryption key used for each VPN session. This means that even if someone managed to obtain the key for one session, they wouldn’t be able to decrypt any future sessions.
So, if you want to keep your online activities private and secure, use a secure VPN that uses strong encryption. Thankfully, that’s most of them nowadays.
Here’s an example of the different, secure encryption methods used by the top 3 VPNs:
What’s this about ‘encryption algorithms’?
Encryption has been used throughout history to protect sensitive information from prying eyes. Today, we have encryption algorithms too. These are used in computer systems to make data unreadable to unauthorized users.
Here are some important things to be aware of when it comes to encryption algorithms:
- Basic encryption algorithms have been used since ancient times, but mechanical encryption devices like the Enigma Machine made it possible to create more complex algorithms. Breaking the Enigma Machine during World War II was a turning point in the war and the birth of modern computing.
- Today, encryption algorithms are computerized and can make ciphertext literally impossible for a human to decode. However, cybercriminals are always trying to find ways to circumvent encryption, so the battle between cybersecurity experts and hackers is ongoing.
- There are several types of encryption algorithms, including asymmetric and symmetric encryption algorithms, which are the most common.
- Symmetric encryption algorithms use only one secret key to encrypt and decrypt the data. The key needs to be shared between parties, and if it’s leaked, it can be reconstructed by attackers.
- Asymmetric encryption algorithms use two keys, a public key, and a private key. The private key is kept secret and never needs to be transmitted or shared, making it inherently easier to protect.
- Some examples of encryption algorithms that use symmetric keys include AES, DES, IDEA, Blowfish, RC4, RC5, and RC6. Examples of encryption algorithms that use asymmetric keys include RSA, Diffie-Hellman, and elliptic-curve algorithms.
Now that’s all cleared up, it brings us onto “Hashing”.
Why You Can Trust VPN Hound We're completely independent from any VPN provider or company. We've spent thousands of hours curating and hand-testing all the big & small VPN services, and have been doing so since 2018.
Total hours testing:
Funds spent on testing:
What is “Hashing”? An Overview.
Hashing is used in cybersecurity to secure sensitive information, particularly passwords.
Have you ever wondered how your passwords are stored on websites and apps? Maybe not, but let me tell you. The answer lies in a technique called “hashing”!
When you create a password, it goes through a hashing algorithm and gets stored on the site’s data cache in a nonsensical, standardized hash format. This way, if a cybercriminal hacks the data, all they have is a bundle of hashed passwords that can’t be used as login credentials because there is no key to unlock the data in its original form.
But wait, what exactly is a hash? Well, think of it like this – you’re making a fancy smoothie. You start with a bunch of different ingredients (your password), and blend them all up (hashing algorithm). The result is a smoothie (hash) that is a unique blend of all the ingredients, but you can’t separate them out again once they’re blended. In the same way, a hash is a unique “fingerprint” of your password that can’t be reverse-engineered back into the original password.
Here are some things to know about hashing in general:
- Hashing takes data input and creates a fixed-size hash output. The same input always produces the same hash, making it useful for password storage and identification of data recurrences. More on this later.
- Hashes are often built from hexadecimals, which enables large blocks of plaintext or very short plaintext to be compressed or expanded into a unique hash.
There are several hashing algorithms to choose from, including MD5, SHA-2, CRC32, RipeMD, Tiger, xxHash, BCrypt, and Argon2.
- MD5 is one of the oldest and most widely-used hashing algorithms, but it is starting to show its age lately and isn’t as secure as it once was.
- SHA-2 is a cryptographic hash function that builds on the older SHA-1 algorithm (no sh*t!). It uses six hashing algorithms in 244-, 256-, 384-, or 512-bit configurations.
- CRC32 is used mostly in zip files or for file integrity checks, and it produces the same hashed output every time it is run.
- RipeMD is a cryptographic hashing algorithm that is used in the Bitcoin standard and is available in multiple bit configurations, with 160-bit being the most popular.
- Tiger is a hash function invented to work with 64-bit platforms, and xxHash is a non-cryptographic hash function known for its exceptional speed.
- BCrypt is designed to be slow, making password cracking more time-consuming and discouraging cybercriminals attempting to execute quick attacks.
- Argon2 uses an “adaptive” hashing algorithm that can be calibrated with a “work factor,” making the hash more or less complicated.
Hashing is a critical component of cybersecurity, particularly when it comes to securing passwords. I hope you found this guide useful, please tell us in the comments if you want any point to be clarified.