Right, I've had enough. We need to talk about what #encryption, #hashing and #encoding are. They are distinct things that do distinct jobs and whether you are in #CyberSecurity or not, every #coder should know the difference. So... 🧵👇

#learning #webdev #100DaysofCode
Let's start with the simplest: encoding. This is a reversible process where you transform some data into another format, then transform it back (decode) to the original without any keys etc.

Examples: JSON encoding, base64 encoding, HTML character conversion and compression.
Encoding is most useful for transmitting and storing data. For instance, base64 is great to ensure that "unusual" characters like {};[]!'" etc can be saved / sent safely.

ENCODING PROVIDES ZERO SECURITY. None. Anyone can decode your data, it's not meant for that.

I'm calm... 😅
Onwards to hashing, my personal favourite. Hashing is an irreversible process, whereby a set of data is transformed into a unique identifier / "fingerprint".

This fingerprint can't be used to get back to the original data, but the same data will create the same hash every time.
The main uses are "checksums" and passwords. There is a lot to it so here is a blog article I wrote for more:

mashoom.co.uk/blog/what-is-h…

ALL STORED PASSWORDS SHOULD BE HASHED. In #PHP use password_hash(), your language probably has similar. Onwards...
Finally, the one that gets all the press, so much so everything gets labelled encryption. I hope you can now see why everything isn't encryption.

At its core, encrypting data means that you create a key / secret that "unlocks" the data. Read on...
Encryption means that you split the ownership of the data from the data itself. You can store the data in one place and have the ownership in another.

Hopefully your hard-drive is encrypted; your computer stores your data, but you "own" it via your password. Handy...
But if you store your key and your data in the same place, or under the same authority, the protection is void.

A lot of services say "we encrypt your data at rest". This is a good thing for other reasons, but it doesn't stop the service or X cloud provider reading it.
You've made it this far, congratulations 🎉

Just a quick shout out to asymmetric encryption; where one key (often public) encrypts the data and another key (often private) decrypts it. That underpins SSL and many other clever things.
And finally... don't, ever, attempt to write any of the above algorithms yourself. Anyone that is qualified will understand why I say this.

Getting these algorithms right is a life's work; leave it to the experts. Use a library.

Let me know if you found this helpful 🙂
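
The encoding and hashing points above, as an added example that is not part of the original thread. It uses only Python's standard library; the function names, the salt$hash storage format and the scrypt parameters are assumptions made for illustration. Encryption is left out because the standard library ships no cipher.

```python
import base64
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def encode(data: bytes) -> str:
    """Encoding: a format change, reversible by anyone, no key involved."""
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


def checksum(data: bytes) -> str:
    """Hashing as a checksum: same input gives the same fingerprint every time."""
    return hashlib.sha256(data).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def hash_password(password: str) -> str:
    """Password hashing: a slow hash plus a random per-password salt."""
    salt = os.urandom(16)
    return salt.hex() + "$" + _derive(password, salt).hex()


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt_hex, key_hex = stored.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


if __name__ == "__main__":
    raw = b"{};[]!'\""                        # constructed sample input
    print(encode(raw), decode(encode(raw)))   # round-trips with no secret
    print(checksum(b"hello"))                 # identical on every run
    stored = hash_password("correct horse")   # constructed sample password
    print(stored, verify_password("correct horse", stored))
```

A plain SHA-256 is fine for checksums but too fast for passwords, which is why the password functions use a deliberately slow, salted derivation, the same idea as password_hash() in PHP.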
