Right, I've had enough. We need to talk about what #encryption, #hashing and #encoding are. They are distinct things that do distinct jobs and whether you are in #CyberSecurity or not, every #coder should know the difference. So... 🧵👇
#learning #webdev #100DaysofCode
#learning #webdev #100DaysofCode
Let's start with the simplest; encoding. This is a reversible process where you transform some data into another format, then transform it back (decode) to the original without any keys etc.
Examples: json encoding, base64 encoding, html characters conversion and compression.
Examples: json encoding, base64 encoding, html characters conversion and compression.
Encoding is most useful for transmitting and storing data. For instance, base64 is great to ensure that "unusual" characters like {};[]!'" etc can be saved / sent safely.
ENCODING PROVIDES ZERO SECURITY. None. Anyone can decode your data, it's not meant for that.
I'm calm... 😅
ENCODING PROVIDES ZERO SECURITY. None. Anyone can decode your data, it's not meant for that.
I'm calm... 😅
Onwards to hashing, my personal favourite. Hashing is an irreversible process, whereby a set of data is transformed into a unique identifier / "fingerprint".
This fingerprint can't be used to get back to the original data, but the same data will create the same hash every time.
This fingerprint can't be used to get back to the original data, but the same data will create the same hash every time.
The main uses are "checksums" and passwords. There is a lot to it so here is a blog article I wrote for more:
mashoom.co.uk/blog/what-is-h…
ALL STORED PASSWORDS SHOULD BE HASHED. In #PHP use password_hash(), your language probably has similar. Onwards...
mashoom.co.uk/blog/what-is-h…
ALL STORED PASSWORDS SHOULD BE HASHED. In #PHP use password_hash(), your language probably has similar. Onwards...
Finally, the one that gets all the press, so much so everything gets labelled encryption. I hope you can now see why everything isn't encryption.
At its core, encrypting data means that you create a key / secret that "unlocks" the data. Read on...
At its core, encrypting data means that you create a key / secret that "unlocks" the data. Read on...
Encryption means that you split the ownership of the data from the data itself. You can store the data in one place and have the ownership in another.
Hopefully your hard-drive is encrypted; your computer stores your data, but you "own" it via your password. Handy...
Hopefully your hard-drive is encrypted; your computer stores your data, but you "own" it via your password. Handy...
But if you store your key and your data in the same place, or under the same authority, the protection is void.
A lot of services say "we encrypt your data at rest". This is a good thing for other reasons, but it doesn't stop the service or X cloud provider reading it.
A lot of services say "we encrypt your data at rest". This is a good thing for other reasons, but it doesn't stop the service or X cloud provider reading it.
You've made it this far, congratulations 🎉
Just a quick shout out to asymmetric encryption; where one key (often public) encrypts the data and another key (often private) decrypts it. That underpins SSL and many other clever things.
Just a quick shout out to asymmetric encryption; where one key (often public) encrypts the data and another key (often private) decrypts it. That underpins SSL and many other clever things.
and finally... don't, ever, attempt to write any of the above algorithms yourself. Anyone that is qualified will understand why I say this.
Getting these algorithms right is a life's work; leave it to the experts. Use a library.
Let me know if you found this helpful 🙂
Getting these algorithms right is a life's work; leave it to the experts. Use a library.
Let me know if you found this helpful 🙂
• • •
Missing some Tweet in this thread? You can try to
force a refresh
