7. Encryption and Hashing for Applications

Encrypting

Encrypting is the process of turning data into something that is not understandable. Decrypting is the process of turning this jumbled information back into something readable. This is useful for hiding sensitive information such as credit card numbers and contact information. You can encrypt information in databases so that only authorized people will know how to decrypt it and view the information.

You can also encrypt data when it is transported through a network. For example, submitting payment information through an ecommerce website. We will go over this and how to encrypt your website like this in the later tutorials.

Two main types of encrypting information are Symmetric encryption and Asymmetric Encryption. 

Symmetric encryption: 

In this method, the same key can encrypt and decrypt the information. 

A very simplified illustration of encryption is below

Message:

I like apples

Encryption Algorithm:

Makes every letter increase by 1

Encrypted Message:

j mjlf bqqmft

Send encrypted message

Receive encrypted message

Decrypt by moving every letter back by 1 to get message. 

Asymmetric encryption: 

 In this method, there are two keys involved, 1 for encrypting the information (public key) and one for decrypting the information (private key). 

A friendly introduction to asymmetric encryption can be found here:
https://hackernoon.com/asymmetric-encryption-explained-using-chocolate-boxes-5a329ea6813e

Hashing

Hashing also turns information into something not understandable. However, the algorithms are designed so that it is supposed to be impossible to decrypt back into something meaningful. This is a good way to hide information if there is need to decrypt the information. For example, some media sharing websites may have URLs that look like www.website.com/video/3yKoHgjtyenCOIRayhdtyj. That text at the end could be a hashed version of a very long title. In this case, visiting the URL with jumbled up text will lead to the correct video, so there is no need to decrypt it into something meaningful. 

Encryption should be used when there is a need to read the original information. For example, sending emails with confidential information. People will need to be able to read this information, so a way to decrypt the message is necessary. 

Hashing is more secure and should be used if it is not necessary to decrypt the information. For example, passwords usually do not need to be decrypted. When you create an account for most websites, the password you enter does not get stored in the database. The password is hashed, and then the resulting hash is stored in the database. So when you login, it is comparing the hashed value of what you entered with what is stored in the database. This is why “Forgot my password” functions do not send you your password, because they do not actually keep the password in a readable format. 

The main points in this article are: 

• Encryption prevents unauthorized people from seeing information, and can be decrypted by authorized people to view the information. 
• Hashing will mess up information so that it cannot be decrypted into anything meaningful.

Navigation

The next article can be found here. Previous article is here.