What is the difference between Obfuscation, Hashing, and Encryption?

encryption hash obfuscation
26,081

Solution 1

Hashing is a technique of creating semi-unique keys based on larger pieces of data. In a given hash you will eventually have "collisions" (e.g. two different pieces of data calculating to the same hash value) and when you do, you typically create a larger hash key size.

obfuscation generally involves trying to remove helpful clues (i.e. meaningful variable/function names), removing whitespace to make things hard to read, and generally doing things in convoluted ways to make following what's going on difficult. It provides no serious level of security like "true" encryption would.

Encryption can follow several models, one of which is the "secret" method, called private key encryption where both parties have a secret key. Public key encryption uses a shared one-way key to encrypt and a private recipient key to decrypt. With public key, only the recipient needs to have the secret.

Solution 2

That's a high level explanation. I'll try to refine them:

Hashing - in a perfect world, it's a random oracle. For the same input X, you always recieve the same output Y, that is in NO WAY related to X. This is mathematically impossible (or at least unproven to be possible). The closest we get is trapdoor functions. H(X) = Y for with H-1(Y) = X is so difficult to do you're better off trying to brute force a Z such that H(Z) = Y

Obfuscation (my opinion) - Any function f, such that f(a) = b where you rely on f being secret. F may be a hash function, but the "obfuscation" part implies security through obscurity. If you never saw ROT13 before, it'd be obfuscation

Encryption - Ek(X) = Y, Dl(Y) = X where E is known to everyone. k and l are keys, they may be the same (in symmetric, they are the same). Y is the ciphertext, X is the plaintext.

Solution 3

Obfuscation in cryptography is encoding the input data before it is hashed or encrypted.

This makes brute force attacks less feasible, as it gets harder to determine the correct cleartext.

Solution 4

That's not a bad high-level description. Here are some additional considerations:

Hashing typically reduces a large amount of data to a much smaller size. This is useful for verifying the contents of a file without having to have two copies to compare, for example.

Encryption involves storing some secret data, and the security of the secret data depends on keeping a separate "key" safe from the bad guys.

Obfuscation is hiding some information without a separate key (or with a fixed key). In this case, keeping the method a secret is how you keep the data safe.

From this, you can see how a hash algorithm might be useful for digital signatures and content validation, how encryption is used to secure your files and network connections, and why obfuscation is used for Digital Rights Management.

Solution 5

This is how I've always looked at it.

  • Hashing is deriving a value from another, using a set algorithm. Depending on the algo used, this may be one way, may not be.

  • Obfuscating is making something harder to read by symbol replacement.

  • Encryption is like hashing, except the value is dependent on another value you provide the algorithm.

Share:
26,081
Robert Taylor
Author by

Robert Taylor

Software Developer since 1996 Currently Team Lead of an Asp.Net team.

Updated on August 25, 2020

Comments

  • Robert Taylor
    Robert Taylor almost 4 years

    What is the difference between Obfuscation, Hashing, and Encryption?

    Here is my understanding:

    • Hashing is a one-way algorithm; cannot be reversed
    • Obfuscation is similar to encryption but doesn't require any "secret" to understand (ROT13 is one example)
    • Encryption is reversible but a "secret" is required to do so
  • Graeme Perrow
    Graeme Perrow over 15 years
    AFAIK, hashing is always one-way.
  • tvanfosson
    tvanfosson over 15 years
    I would classify them as symmetric (shared secret key) and asymmetric (public/private).
  • Stefan Verhagen
    Stefan Verhagen over 6 years
    "Encryption is like hashing, except the value is dependent on another value you provide the algorithm." Does this make encryption useful for other applications than hashing? Can you give some examples? Maybe see @selwyn in the answers to this topic.
  • Stefan Verhagen
    Stefan Verhagen over 6 years
    Encryption is that a trapdoor function? Whereas a hash is a one-way function? mathworld.wolfram.com/TrapdoorOne-WayFunction.html
  • srbrills
    srbrills almost 4 years
    I really like this answer. It points out that obfuscation is using a secret algorithm, whereas encryption is using a known algorithm with secret keys. You're most secure if you encrypt and obfuscate, because then all knowns become unknown.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to properly store a PBKDF2 password hash
How to store private encrypted user data in the database, but make them available to other chosen users?
How to hash a password with SHA512
Which bcrypt cost to use for 2018?
What kind of algorithm does .htpasswd uses?
How to obfuscate lua code?
What kind of password hash/encryption is this?
how do you get the password hash of a zip file?
Is there a simple C or C++ function that calculates the sha1 hash of a string?
How to encrypt HTML+JS assets in Android Phonegap mobile app?