Encrypting, Hashing, Salting passwords - say what?

What's the difference between Encrypting, Hashing and Salting passwords?


When it comes to storing passwords securely, three phrases get bandied about - and often confused.

Encryption, Hashing and Salting are all useful techniques. However, there is a right time and a wrong time to use each of them, depending on what you're trying to achieve.

Encryption means scrambling data so that it can only be decoded by those who have the key. This protects it from unauthorized parties - but you have to protect your key.

Hashing, in cryptographic terms, is a one-way transformation that cannot be reversed to recover the input. It's great for online authentication and for integrity checks, such as ensuring a download hasn't been tampered with. For instance, you may have seen an "MD5 value" published alongside a piece of open-source software.

However, the hash value of "P@ssw0rd1" is always going to be the same, so if your attacker has a big precomputed database of password hashes (which they will) then hashing passwords on its own isn't enough.

So that brings us to "Salting", which involves adding random "noise" to each password before you hash it, and storing that noise alongside the hash. This is the recommended way to store passwords securely: the same password now produces a different hash for every user, so a precomputed database of hashes is useless and an attacker has to attack each stored password individually.
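The contrast described above, as an added example that is not part of the original article: an unsalted hash of "P@ssw0rd1" is identical every time and falls to a precomputed lookup table, while a salted hash differs per user, defeats the table and still verifies correctly. The function names, the `salt_hex$digest_hex` storage format and the use of PBKDF2 as the slow salted hash are this example's choices, not the article's.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample of common passwords, standing in for the attacker's
# "big precomputed database" of hashes mentioned in the article.
COMMON_PASSWORDS = ["123456", "password", "P@ssw0rd1", "letmein"]

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Hash with a fresh random salt; stored as 'salt_hex$digest_hex'.

    PBKDF2-HMAC-SHA256 (a deliberately slow, iterated hash) is used here
    instead of a single SHA-256 round; that choice is this example's.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # 128 bits of random "noise"
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt; compare in constant time."""
    salt_hex, _digest_hex = stored.split("$", 1)
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def build_lookup_table(passwords) -> dict:
    """What an attacker precomputes once: unsalted digest -> password."""
    return {unsalted_hash(p): p for p in passwords}


def crack_with_table(stored: str, table: dict) -> Optional[str]:
    """Reverse a stored value by table lookup; None if it is not in the table."""
    return table.get(stored.split("$")[-1])


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", crack_with_table(unsalted_hash("P@ssw0rd1"), table))
    print("salted:  ", crack_with_table(salted_hash("P@ssw0rd1"), table))
```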
