What is the difference between Obfuscation, Hashing, and Encryption?

Question

What is the difference between Obfuscation, Hashing, and Encryption?

Here is my understanding:

• Hashing is a one-way algorithm; cannot be reversed

Answer 1

That's not a bad high-level description. Here are some additional considerations:

Hashing typically reduces a large amount of data to a much smaller size. This is useful for verifying the contents of a file without having to have two copies to compare, for example.

Encryption involves storing some secret data, and the security of the secret data depends on keeping a separate "key" safe from the bad guys.

Obfuscation is hiding some information without a separate key (or with a fixed key). In this case, keeping the method a secret is how you keep the data safe.

From this, you can see how a hash algorithm might be useful for digital signatures and content validation, how encryption is used to secure your files and network connections, and why obfuscation is used for Digital Rights Management.

Answer 2

This is how I've always looked at it.

• Hashing is deriving a value from another, using a set algorithm. Depending on the algo used, this may be one way, may not be.

• Obfuscating is making something harder to read by symbol replacement.

• Encryption is like hashing, except the value is dependent on another value you provide the algorithm.

Answer 3

A brief answer:

Hashing - creating a check field on some data (to detect when data is modified). This is a one way function and the original data cannot be derived from the hash. Typical standards for this are SHA-1, SHA256 etc.

Obfuscation - modify your data/code to confuse anyone else (no real protection). This may or may not loose some of the original data. There are no real standards for this.

Encryption - using a key to transform data so that only those with the correct key can understand it. The encrypted data can be decrypted to obtain the original data. Typical standards are DES, TDES, AES, RSA etc.

Answer 4

A hash is a one way algorithm used to compare an input with a reference without compromising the reference.

It is commonly used in logins to compare passwords and you can also find it on your reciepe if you shop using credit-card. There you will find your credit-card-number with some numbers hidden, this way you can prove with high propability that your card was used to buy the stuff while someone searching through your garbage won't be able to find the number of your card.

A very naive and simple hash is "The first 3 letters of a string". That means the hash of "abcdefg" will be "abc". This function can obviously not be reversed which is the entire purpose of a hash. However, note that "abcxyz" will have exactly the same hash, this is called a collision. So again: a hash only proves with a certain propability that the two compared values are the same.

Another very naive and simple hash is the 5-modulus of a number, here you will see that 6,11,16 etc.. will all have the same hash: 1.

Modern hash-algorithms are designed to keep the number of collisions as low as possible but they can never be completly avoided. A rule of thumb is: the longer your hash is, the less collisions it has.

Answer 5

Obfuscation in cryptography is encoding the input data before it is hashed or encrypted.

This makes brute force attacks less feasible, as it gets harder to determine the correct cleartext.

Answer 6

Obfuscation is merely making something harder to understand by intruducing techniques to confuse someone. Code obfuscators usually do this by renaming things to remove anything meaningful from variable or method names. It's not similar to encryption in that nothing has to be decrypted to be used.

Typically, the difference between hashing and encryption is that hashing generally just employs a formula to translate the data into another form where encryption uses a formula requiring key(s) to encrypt/decrypt. Examples would be base 64 encoding being a hash algorithm where md5 being an encryption algorithm. Anyone can unhash base64 encoded data, but you can't unencrypt md5 encrypted data without a key.