OP 27 May, 2021 - 11:18 AM
Encryption? Obfuscation? Hashing? Encoding?
Common Misconceptions & Their In-depth Explanations
Introduction - The explanation behind common myths and misconceptions in regards to encryption, hashing, encoding, and obfuscation of data
To prevent the spreading of misinformation and the spreading of incorrect knowledge pertaining to the meanings revolving around the vernacular used when speaking on topics such as cryptology, I will try to explain the fundamental differences between functionalities and use cases of hashing, and encryption.
We will also for full clarity on the subject as a whole touch on encoding and obfuscation as well. All of these words although seem similar are each performing a specific function that is unique to them, and have their own use cases.
Encoding (Examples; ASCII, UNICODE, URL Encoding, BASE64)
The rudimentary explanation of encoding would be the transforming of data so that it may be properly and safely processed, and/or consumed by a different type of system.
Here are some real-world use cases and scenarios in which encoding can and more than likely should be utilized.
Introduction - The explanation behind common myths and misconceptions in regards to encryption, hashing, encoding, and obfuscation of data
To prevent the spreading of misinformation and the spreading of incorrect knowledge pertaining to the meanings revolving around the vernacular used when speaking on topics such as cryptology, I will try to explain the fundamental differences between functionalities and use cases of hashing, and encryption.
We will also for full clarity on the subject as a whole touch on encoding and obfuscation as well. All of these words although seem similar are each performing a specific function that is unique to them, and have their own use cases.
Encoding (Examples; ASCII, UNICODE, URL Encoding, BASE64)
The rudimentary explanation of encoding would be the transforming of data so that it may be properly and safely processed, and/or consumed by a different type of system.
Here are some real-world use cases and scenarios in which encoding can and more than likely should be utilized.
- -Attempting to render and/or view special characters which are displayed on the webpage/document you are viewing.
- -Composing an e-mail for forwarding to a co-worker in which the content is inclusive of binary data.
The underlying functionality of encoding is not to take the data and make it 'secretive'
but instead to provide the data in a form that will be executed and rendered appropriately
for the end-user, and the machine which will be executing it.
but instead to provide the data in a form that will be executed and rendered appropriately
for the end-user, and the machine which will be executing it.
Encryption (Examples; AES, BLOWFISH, RSA)
Unlike encoding, which we reviewed above the purpose of encryption is to keep the data a secret, but to do so in a unique way that will allow it to be later decrypted, using a set key by the original encryptor. Our goal in encryption primarily is to make sure no one else other than who we want to be able to
read and understand the data we are providing is going to be the one and only person(s) who are capable of doing so. We want to eliminate the chance of those who are not supposed to be reading the plaintext data, are in turn incapable of reading the plaintext data and will remain that way until the key used for the decryption is presented. Only our intended recipient should ever be able to understand our data! There are many forms of encryption as well some being asymmetric and others symmetric. In order for the recipient to decrypt the encryption you forward them, they will require the ciphertext, algorithm, and the key in order to return the encrypted string back into the unencrypted format.
Hashing (Examples; SHA-3. MD5, bcrypt)
read and understand the data we are providing is going to be the one and only person(s) who are capable of doing so. We want to eliminate the chance of those who are not supposed to be reading the plaintext data, are in turn incapable of reading the plaintext data and will remain that way until the key used for the decryption is presented. Only our intended recipient should ever be able to understand our data! There are many forms of encryption as well some being asymmetric and others symmetric. In order for the recipient to decrypt the encryption you forward them, they will require the ciphertext, algorithm, and the key in order to return the encrypted string back into the unencrypted format.
Hashing (Examples; SHA-3. MD5, bcrypt)
Now we are going to talk about hashing, a very unique subject that has an overwhelming amount of misinformation already is surrounding the subject.
Hashing's purpose is to preserve the integrity of the data which is inputted. This means that if any tiny bit of the data is to change, in any way imaginable, you will be made aware of such a change due to the core functionality of what hashing is used to provide. Hashing accomplishes this through taking an arbitrary input and in turn, will produce a fixed-length string that corresponds to the following rules.
Hashing's purpose is to preserve the integrity of the data which is inputted. This means that if any tiny bit of the data is to change, in any way imaginable, you will be made aware of such a change due to the core functionality of what hashing is used to provide. Hashing accomplishes this through taking an arbitrary input and in turn, will produce a fixed-length string that corresponds to the following rules.
- The same input used to produce then hashed value will always produce the exact same output.
- Multiple disparate inputs should not produce the same output.
- It should not be possible to go from the output to the input.
- 3.1 (This is a key difference that sets it apart from encryption!)
- 3.1 (This is a key difference that sets it apart from encryption!)
- Any and all modification of a given input should result in a drastic change of the hashed value.
We use hashing in conjunction with authentication to produce strong evidence that a given piece of data has not been modified, or tampered with by any means.
By reviewing the original hash of the data, and comparing it to a newer hash of the data one can determine whether or not any of it has been affected.
A common use case you can see such as this can be seen in applications and software by verifying the checksum of the software/application to ensure the hash checks out with the corresponding version number which the application is supposed to be.
By reviewing the original hash of the data, and comparing it to a newer hash of the data one can determine whether or not any of it has been affected.
A common use case you can see such as this can be seen in applications and software by verifying the checksum of the software/application to ensure the hash checks out with the corresponding version number which the application is supposed to be.
Obfuscation (Examples; ProGuard, Javascript Obfuscator)
This is used in order to scramble what it is exactly that our data is doing. We are wanting to have the same end goal accomplished but make it as enigmatic to understand how we got to that end goal as we possibly can. We do this in order to make whatever it is which we are obfuscating harder to attack and/or copy.
We often will primarily notice the usage of obfuscation being utilized in source code to increase the difficulty of replicating the product in the event which it succumbs to being reverse engineered.
Obfuscation is by nature not a strong control, unlike properly employed and implemented encryption. Obfuscation is more so better described and/or thought of to be seen as an obstacle. It similar to encoding, can more often than not be reversed by utilizing the same technique which was used to obfuscate it in the first place, otherwise, it is a simple manual process that takes time to work through.
It is also a key factor to remember when we are speaking of obfuscation that there is a limitation to how obscure we can allow our code to become, and it is dependent upon the content which we are choosing to obscure. If the content which you are obscuring is consistent with computer code, the imitation is that the result must still be consumable by the computer, or else the application's functionality will cease to exist, and the software will be of no use to anyone.
Additional Information
A concept that is often asked in the field of study pertinent to these matters would be when obfuscation should be utilized in favor of encryption. The verdict would be that obfuscation is used to make the data difficult for one entity to understand and comprehend such an entity would be for example a human. While being hard for one entity to understand, however, it will maintain the ability to be easily understood for the other entity; such as a computer. Encryption however would be different in the sense that neither a human nor a computer could read the content which has been encrypted without having the key for decryption of the encrypted string!
If you have any question(s) and/or concern(s) don't hesitate to ask
Have a nice day.
[DM to purchase Signature Ad Slots]
[Ping's PGP Key]
I am NOT affiliated with any "Ping" shops, or services being marketed over this forum.
Before conducting any form of business confirm my identity through onsite PM.
[Ping's PGP Key]
I am NOT affiliated with any "Ping" shops, or services being marketed over this forum.
Before conducting any form of business confirm my identity through onsite PM.
![[Image: Final_1.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fs1.gifyu.com%2Fimages%2FFinal_1.gif)
![[Image: 81QoXii.gif]](https://imgur.com/81QoXii.gif)
![[Image: PUm4fxA.gif]](https://i.imgur.com/PUm4fxA.gif)
