Security for Beginners
by Sergey Okinchuk
Protecting Data in Transit and at RestSignatures and Trust
Topic 19

Hashing vs Encryption

Concept

These two words get mixed up constantly, and the difference is simple once it is said out loud. Encryption is reversible: with the right key, you turn the scrambled data back into the original. Hashing is one-way: there is no key and no route back, only a fingerprint of whatever went in.

We already met hashing once, when we talked about how a service stores passwords without keeping the password itself. Here we put it next to encryption so the contrast is clear, because they look similar from the outside — both turn readable data into a jumble — but they exist for opposite reasons.

The everyday picture: encryption is a locked box — you put something in, lock it, and later open it with the key to get the exact thing back. Hashing is a fingerprint — it points to exactly one input and changes completely if that input changes, but you can never work backwards from the print to the original. From here on we will use the real terms.

Two tools that look alike and do opposite jobs
Encryption — reversible
Scrambles data so it can be unscrambled later with the key. Purpose: keep a secret you intend to read again.
Hashing — one-way
Turns any input into a fixed-size fingerprint with no way back, no key. Purpose: check sameness, not recover the original.

Encryption Goes Both Ways

Encryption exists to protect something you fully intend to read again later — a message, a stored file, your bank balance on its way across the internet. Because you will need the original back, encryption has to be reversible.

That reversibility is no accident. You lock the data with a key, it travels or sits safely as a jumble, and when the right person arrives with the matching key, the original comes back out exactly as it went in. Take away the key and the door stays shut; supply the key and the box opens. Two-way is a feature here, not a weakness.

Hashing Only Goes One Way

Hashing takes an input of any size — a single word, a whole movie file — and produces a fixed-size string of characters called a hash, the fingerprint of that exact input. The same input always yields the same hash, and the tiniest change to the input produces a completely different one.

The defining trait is that there is no way back. You cannot run a hash in reverse to recover what produced it, and there is no key that would let you, because no key exists. A hash is a verdict about an input, not a wrapped-up copy of it. Its job is to verify, never to recover.

What Each One Is For

Encryption is the tool when you want to keep a secret you will reopen. Olivia's chat message is encrypted so only her friend can read it — and her friend genuinely needs to read it, so the original has to come back.

Hashing is the tool when you want to check that two things match without keeping the original around. When Olivia sets a password, the service stores only its hash. Next time she signs in, it hashes what she typed and compares the two fingerprints. If they match, she is in — and the service never had to store the password itself, so a thief who steals its files gets fingerprints, not passwords.

So the line is clean: encryption hides data you mean to read later; hashing confirms sameness without holding the original at all.

Hashing as an Integrity Check

Hashing has a second job that ties straight back to the three things we protect. Recall integrity — the "I" in the CIA triad — meaning data stays correct and unaltered. A hash is a direct way to check it.

Hash a file today and write the fingerprint down. Hash the same file a month later and compare. If the two fingerprints match, not a single byte changed. If they differ, something altered the file — whether a glitch or a deliberate edit. That is how a download page can offer a fingerprint next to a file, or how a system can notice that an important file was quietly tampered with: the hash turns "did this change?" into a yes-or-no you can actually test.

Common Confusions
  • "Hashing is just a kind of encryption." They share a look but not a purpose. Encryption is reversible by design; hashing has no reverse at all. Different goals, different tools.
  • "You can decrypt a hash if you have the right key." There is no key and no decryption step. The only move available is to hash another input and see whether the fingerprints match.
  • "Hashing keeps data secret." It does not hide data for later reading — that is encryption's job. Hashing verifies sameness or detects change; secrecy is a separate goal.
  • "A matching hash means you recovered the password." A match only proves the two inputs were identical. The service still never sees or stores the original password — it only ever compares fingerprints.
Why It Matters
  • Reversible versus one-way is the single cleanest way to clear up the most common crypto mix-up beginners run into.
  • It explains how a service can check your password without ever storing the password itself — it stores and compares fingerprints.
  • It shows how systems detect tampering: a changed file produces a different hash, turning integrity into something you can actually test.

Knowledge Check

What is the core difference between encryption and hashing?

  • Encryption is reversible with a key; hashing has no reverse
  • Encryption scrambles data while hashing leaves it readable
  • Hashing can be undone with a key, but encryption is permanent
  • They are the same process with two different names

A service wants to check Olivia's password without ever storing the password itself. Which tool fits, and why?

  • Hashing, because it compares fingerprints without keeping the original
  • Encryption, because it keeps a recoverable copy of the password on file
  • Hashing, because it hides the password so it can be read back later
  • Either one, but only if the plain password is also stored

Someone has a hash and wants to find the original input that produced it. What can they actually do?

  • Only hash other inputs and check whether any match the fingerprint
  • Decrypt the hash using the key that created it
  • Run the hash a second time in reverse mode to recover the original input
  • Unwrap the hash to read the copy stored inside it

A file is hashed today, and the same file is hashed a month later. The two fingerprints differ. What does that tell you?

  • The file changed at some point — its integrity was broken
  • The file is unchanged; the same content always produces slightly varying hashes over time
  • The file became more secret over the month
  • The file was taken offline and is no longer available

You got correct