Difference between encryption and hashing

Question

In our project there are several places where we could\'ve gotten away with hashing. For example, we store an encrypted reference between a license and the licensed object in t

Answer 1

If it is a symmetric cipher you are using, and the system is deployed in the 'hostile' environment, then it is a question of time before a motivated individual can isolate the key and sign their own (or others) license data.

In those cases you need an assymetric cipher to "sign" the license with your private key which is stored safely away on a computer in a vault and no connection to the outside world. Ok, slight exageration, but in a secure environment.

A plain hash will not help in this case because they can be used to sign forged licenses. If you want to be sure that only you can approve license changes, then using an assymetric cipher to encrypt the license (or a hash of the license) is the most straightforward way.