Encryption and Hashing
Keeping data secure
Encryption scrambles data (plaintext) into ciphertext using a key and an algorithm, so that intercepted data is meaningless without the key. Only someone with the correct key can decrypt it back. Encryption protects confidentiality in transit and at rest.
Symmetric encryption
The same key is used to encrypt and decrypt.
- Fast and efficient for large amounts of data.
- Problem: the key must be shared securely with the recipient — if intercepted, the encryption is broken (the key distribution problem).
Asymmetric (public-key) encryption
Uses a key pair: a public key (shared openly) and a private key (kept secret).
- Anyone can encrypt a message with the recipient's public key, but only the holder of the matching private key can decrypt it.
- Solves the key-distribution problem, but is slower than symmetric.
- Real systems often combine both: asymmetric encryption to securely exchange a symmetric session key, then fast symmetric encryption for the data (e.g. HTTPS/TLS).
Digital signatures
The sender encrypts a hash of the message with their private key. The recipient decrypts it with the sender's public key and compares hashes. If they match, it proves the message came from the sender (authentication) and wasn't altered (integrity).
Hashing
Hashing applies a one-way function to produce a fixed-length hash (digest) from input data.
- It is one-way — you cannot get the original data back from the hash (unlike encryption, which is reversible).
- The same input always gives the same hash; a tiny change gives a very different hash.
- A good hash function minimises collisions (two inputs giving the same hash).
Main use — passwords: systems store the hash of a password, not the password itself. At login, the entered password is hashed and compared. Even if the database is stolen, the actual passwords aren't revealed. Salting (adding random data before hashing) defends against precomputed (rainbow-table) attacks.
Encryption vs hashing
| Encryption | Hashing | |
|---|---|---|
| Reversible? | Yes (with the key) | No (one-way) |
| Purpose | Keep data secret but recoverable | Verify integrity / store passwords |
Worked example
Why store a hash of a password rather than the password itself?
- Hashing is one-way, so even if attackers steal the database they can't reverse the hashes to get the passwords; logins still work by hashing the input and comparing. ✓
Common mistakes
- Confusing encryption (reversible, for secrecy) with hashing (one-way, for verification).
- Saying the public key decrypts messages — the private key does (for confidentiality).
- Forgetting salting when discussing password storage.
Exam tips
- Contrast symmetric (one shared key, fast) and asymmetric (public/private pair, solves key distribution).
- Explain hashing as one-way and its use for password storage (+ salting).
- Know that a digital signature provides authentication and integrity.
Key facts to remember
- Encryption = reversible scrambling with a key; symmetric (same key, fast) vs asymmetric (public/private, solves key distribution, slower).
- Hashing = one-way digest, not reversible; used to store passwords (with salting) and check integrity.
- Digital signatures (private-key-encrypted hash) prove authenticity and that data is unaltered.