The difference between encryption and hashing

 

To give a brief history: in World War II, the Enigma machine was used by the Germans to encode and decode messages. However, the Allies were able to get hold of the device and the keys, so intercepted messages could be decrypted, and the intelligence gained allowed significant advances against the Axis.

What is encryption?

Encryption, as defined by Wikipedia, is “the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

The key is how you unlock your door. Without the key, attempts can be made to break into your home, but usually this is messy, involving broken windows, broken door frames, and so on. Occasionally you will have someone who knows what they are doing and has a lock pick set to turn the tumblers. Encryption is similar: it requires a key to lock and unlock the content.

 

The key is much like the key to the lock on your front door.

The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).”

All encryption requires a key. One of the best-known methods, called the Caesar shift, used a simple key. In World War I and II, encryption was used to transmit information to and from the front line without the enemy knowing. Both sides did this.

One of the most popular encryption algorithms is the RSA method. RSA uses public/private key cryptography to allow the exchange of messages such that only the recipient can decrypt them with his or her private key, because the message was encrypted with his or her public key.

Because of this attribute, encryption is said to be two-way: it can be decrypted. The idea, of course, is that it can only be decrypted by the person with the key.

Example

The first example uses Rot13, which is the modern implementation of the Caesar shift.

<?php
$message = 'phpBB3 is the one that rules them all.';

// The Caesar shift, implemented in Rot13
// This isn't considered "true encryption" today due to its simplicity, but it shows how encryption works
// This implementation shifts by 13 characters
$rot13 = str_rot13($message);
$rot13_decrypt = str_rot13($rot13);

// Rijndael 256, a popular encryption method
// Below code taken from http://us3.php.net/manual/en/function.mcrypt-encrypt.php
// The mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2,
// so this part only runs on older PHP versions. ECB mode ignores the IV.
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
// PHP 5.6+ only accepts 16, 24 or 32 byte keys; earlier versions padded
// shorter keys with NUL bytes, which is reproduced explicitly here
$padded_key = str_pad($key, 32, "\0");
$rijndael256 = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $padded_key, $message, MCRYPT_MODE_ECB, $iv);
// mcrypt pads the plaintext with NUL bytes up to the block size, so strip them again
$rijndael256_decrypt = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $padded_key, $rijndael256, MCRYPT_MODE_ECB, $iv), "\0");

// Output the message
echo('<strong>The message</strong>' . "<br />");
echo($message . "<br /><br />");

// Output the key
echo('<strong>The key</strong>' . "<br />");
echo($key . "<br /><br />");

// Output the encrypted text (the Rijndael ciphertext is binary, so it is base64-encoded for display)
echo('<strong>Encrypted text</strong>' . "<br />");
echo('<em>Rot13:</em> ' . $rot13 . "<br />");
echo('<em>Rijndael 256:</em> ' . base64_encode($rijndael256) . "<br /><br />");

// Output the decrypted text
echo('<strong>Decrypted text</strong>' . "<br />");
echo('<em>Rot13:</em> ' . $rot13_decrypt . "<br />");
echo('<em>Rijndael 256:</em> ' . $rijndael256_decrypt . "<br /><br />");
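
The same two-way round trip on current PHP, as an added example that is not part of the original article: it uses the OpenSSL extension with AES-256-GCM (PHP 7.1+) and also shows what happens when the wrong key is used. The function names, the random 256-bit key and the iv|tag|ciphertext layout are choices made for this example.

```php
<?php
// Added example: AES-256-GCM round trip with PHP's OpenSSL extension.
// encrypt_message()/decrypt_message() and the iv|tag|ciphertext layout
// are made up for this illustration.

function encrypt_message(string $plaintext, string $key): string
{
    // A fresh random IV (nonce) per message; never reuse one with the same key
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('Encryption failed');
    }
    // IV and authentication tag are not secret; they travel with the ciphertext
    return base64_encode($iv . $tag . $ciphertext);
}

function decrypt_message(string $encoded, string $key)
{
    $raw = base64_decode($encoded, true);
    $iv_len = openssl_cipher_iv_length('aes-256-gcm');
    $tag_len = 16; // default GCM tag length produced by openssl_encrypt()
    if ($raw === false || strlen($raw) < $iv_len + $tag_len) {
        return false;
    }
    $iv = substr($raw, 0, $iv_len);
    $tag = substr($raw, $iv_len, $tag_len);
    $ciphertext = substr($raw, $iv_len + $tag_len);
    // openssl_decrypt() returns false if the key is wrong or the data was altered
    return openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
}

$message = 'phpBB3 is the one that rules them all.';
$key = random_bytes(32);       // 256-bit secret key (constructed for the example)
$wrong_key = random_bytes(32); // a different key, standing in for someone without the secret

$encrypted = encrypt_message($message, $key);
echo "Encrypted: " . $encrypted . "\n";
echo "Decrypted with the right key: " . decrypt_message($encrypted, $key) . "\n";

// With the wrong key the authentication check fails instead of returning garbage
var_dump(decrypt_message($encrypted, $wrong_key));
```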

What is hashing?

Hashing, in cryptography, is the taking of a message and creating a new message in such a way that it cannot be reversed. There is simply no key for it to be unlocked.

This has many uses, including verifying files, ensuring the integrity of an encrypted message, and of course password storage. Because there isn’t a key, there is no way to get the original. This attribute is typically referred to as one-way.

Real-world applications include phpBB2 and phpBB3. phpBB2 uses MD5, or Message Digest 5. phpBB3 uses phpass, which makes use of MD5 with salting to help resist brute-force attacks.

Because there is no key in hashing, the only way to get the original message back is to either know the original message, or brute force until the representation of the original is found. This means that to verify a submitted message against a stored hash, the submitted message must itself be hashed and the result compared with the stored hash. This is how authentication in phpBB is done.

Example

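<?php
$password = "this is more a passphrase@@5";
$password_check = "this is more a passphrase@@";

// Use MD5 to hash
$password_md5 = md5($password);
$password_check_md5 = md5($password_check);

// Now verify the two
// hash_equals() (PHP 5.6+) compares the strings exactly and in constant time;
// a loose == comparison can treat different digests of the form "0e123..." as equal numbers
if (hash_equals($password_md5, $password_check_md5))
{
     echo("Access granted");
}
else
{
     echo("Access denied");
}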

According to the above code, the test should fail. When we run it, we see that it does indeed give us “Access denied.”
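
The example above compares plain, unsalted MD5 digests. The following added example (not part of the original article, and not phpass's or phpBB's own code) shows what salting and repeated hashing change: two accounts with the same password no longer share a hash, and verification recomputes the hash from the stored salt. The function names and the `iterations$salt$hash` storage format are made up for this illustration.

```php
<?php
// Added example: a simplified salt-and-stretch scheme built on MD5.
// Function names and the "iterations$salt$hash" format are hypothetical.

function stretch(string $password, string $salt, int $iterations): string
{
    // Mix in the salt once, then re-hash many times to slow down guessing
    $hash = md5($salt . $password, true);
    for ($i = 0; $i < $iterations; $i++) {
        $hash = md5($hash . $password, true);
    }
    return bin2hex($hash);
}

function hash_password(string $password, int $iterations = 2048): string
{
    $salt = bin2hex(random_bytes(8)); // new random salt for every stored password
    return $iterations . '$' . $salt . '$' . stretch($password, $salt, $iterations);
}

function verify_password(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false; // malformed record
    }
    list($iterations, $salt, $expected) = $parts;
    // Hash the candidate with the stored salt and compare in constant time
    return hash_equals($expected, stretch($password, $salt, (int) $iterations));
}

$password = 'this is more a passphrase@@5'; // sample value from the example above

// Unsalted MD5: the same password always produces the same hash,
// so one precomputed table works against every account
var_dump(md5($password) === md5($password));

// Salted: two accounts with the same password store different records
$alice = hash_password($password);
$bob = hash_password($password);
var_dump($alice === $bob);

// Verification still works, because the salt is stored next to the hash
var_dump(verify_password($password, $alice));
var_dump(verify_password('this is more a passphrase@@', $alice));
```

In current PHP, the built-in password_hash() and password_verify() functions handle salting, stretching and comparison with bcrypt or Argon2.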

Still plenty more left
While discussions of large primes, the Chinese Remainder Theorem, message digests, and so on are outside the scope of this article, hopefully you now have a basic understanding of the difference between the two methods and why phpBB uses hashing instead of encryption.