What is the difference between Obfuscation, Hashing, and Encryption?

Here is my understanding:

  • Hashing is a one-way algorithm; cannot be reversed
  • Obfuscation is similar to encryption but doesn't require any "secret" to understand (ROT13 is one example)
  • Encryption is reversible but a "secret" is required to do so
A: 

All fine, except obfuscation is not really similar to encryption - sometimes it doesn't even involve ciphers as simple as ROT13.

Cade Roux
+1  A: 

This is how I've always looked at it.

  • Hashing is deriving a value from another, using a set algorithm. Depending on the algo used, this may be one way, may not be.

  • Obfuscating is making something harder to read by symbol replacement.

  • Encryption is like hashing, except the value is dependent on another value you provide the algorithm.

Wes P
AFAIK, hashing is always one-way.
Graeme Perrow
+3  A: 

That's a high level explanation. I'll try to refine them:

Hashing - in a perfect world, it's a random oracle. For the same input X, you always receive the same output Y, that is in NO WAY related to X. This is mathematically impossible (or at least unproven to be possible). The closest we get is trapdoor functions. H(X) = Y, for which H⁻¹(Y) = X is so difficult to do you're better off trying to brute force a Z such that H(Z) = Y.

Obfuscation (my opinion) - Any function f, such that f(a) = b where you rely on f being secret. F may be a hash function, but the "obfuscation" part implies security through obscurity. If you never saw ROT13 before, it'd be obfuscation

Encryption - E_k(X) = Y, D_l(Y) = X where E is known to everyone. k and l are keys, they may be the same (in symmetric, they are the same). Y is the ciphertext, X is the plaintext.

Tom Ritter
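The three definitions above, side by side, as an added example that is not part of any answer on this page. It assumes ROT13 as the obfuscation, SHA-256 as H, and a toy one-time pad (XOR) standing in for a real cipher E_k; the sample message and PIN list are constructed.

```python
import codecs
import hashlib
import secrets


def obfuscate(text: str) -> str:
    """ROT13: there is no key, so knowing the scheme is enough to undo it."""
    return codecs.encode(text, "rot13")


def deobfuscate(text: str) -> str:
    return codecs.decode(text, "rot13")


def H(text: str) -> str:
    """SHA-256: public algorithm, no key, and no inverse function to call."""
    return hashlib.sha256(text.encode()).hexdigest()


def guess_preimage(target: str, candidates):
    """The only generic way back from Y: try inputs Z until H(Z) == Y.
    Succeeds only when the real input lies in a small, guessable set."""
    for z in candidates:
        if H(z) == target:
            return z
    return None


def E(key: bytes, data: bytes) -> bytes:
    """Toy one-time pad (assumption: stand-in for a real cipher).
    The algorithm is public; secrecy rests on the key alone."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must be as long as the message")
    return bytes(k ^ d for k, d in zip(key, data))


D = E  # XOR is its own inverse, so k and l are the same key here

if __name__ == "__main__":
    msg = "meet at noon"  # constructed sample message
    print("obfuscated:", obfuscate(msg), "->", deobfuscate(obfuscate(msg)))
    pins = (f"{i:04d}" for i in range(10000))
    print("hash of a 4-digit PIN guessed back:", guess_preimage(H("4821"), pins))
    key = secrets.token_bytes(len(msg))
    ct = E(key, msg.encode())
    print("right key:", D(key, ct))
    print("wrong key:", D(secrets.token_bytes(len(ct)), ct))
```

The PIN case is why unsalted, fast hashes of low-entropy values such as passwords are treated as recoverable in practice even though H has no inverse.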
+10  A: 

Hashing is a technique of creating semi-unique keys based on larger pieces of data. In a given hash you will eventually have "collisions" (e.g. two different pieces of data calculating to the same hash value) and when you do, you typically create a larger hash key size.

Obfuscation generally involves trying to remove helpful clues (i.e. meaningful variable/function names), removing whitespace to make things hard to read, and generally doing things in convoluted ways to make following what's going on difficult. It provides no serious level of security like "true" encryption would.

Encryption can follow several models, one of which is the "secret" method, called private key encryption where both parties have a secret key. Public key encryption uses a shared one-way key to encrypt and a private recipient key to decrypt. With public key, only the recipient needs to have the secret.

theraccoonbear
I would classify them as symmetric (shared secret key) and asymmetric (public/private).
tvanfosson
A: 

Obfuscation is hiding or making something harder to understand.

Hashing takes an input, runs it through a function, and generates an output that can be a reference to the input. It is not necessarily unique, a function can generate the same output for different inputs.

Encryption transforms the input into an output in a unique manner. There is a one-to-one correlation so there is no potential loss of data or confusion - the output can always be transformed back to the input with no ambiguity.

Ray
+2  A: 

Obfuscation in cryptography is encoding the input data before it is hashed or encrypted.

This makes brute force attacks less feasible, as it gets harder to determine the correct cleartext.

Rinat Abdullin
+2  A: 

That's not a bad high-level description. Here are some additional considerations:

Hashing typically reduces a large amount of data to a much smaller size. This is useful for verifying the contents of a file without having to have two copies to compare, for example.

Encryption involves storing some secret data, and the security of the secret data depends on keeping a separate "key" safe from the bad guys.

Obfuscation is hiding some information without a separate key (or with a fixed key). In this case, keeping the method a secret is how you keep the data safe.

From this, you can see how a hash algorithm might be useful for digital signatures and content validation, how encryption is used to secure your files and network connections, and why obfuscation is used for Digital Rights Management.

Mark Bessey
A: 
  • Hashing is a one-way task of creating one value from another. The algorithm should try to create a value that is as short and as unique as possible.

  • Obfuscation is making something unreadable without changing semantics. It involves value transformation, removing whitespace, etc. Some forms of obfuscation can also be one-way, so it's impossible to get the starting value.

  • Encryption is two-way, and there's always some decryption working the other way around.

So, yes, you are mostly correct.

Milan Babuškov
A: 

Obfuscation is merely making something harder to understand by introducing techniques to confuse someone. Code obfuscators usually do this by renaming things to remove anything meaningful from variable or method names. It's not similar to encryption in that nothing has to be decrypted to be used.

Typically, the difference between hashing and encryption is that hashing generally just employs a formula to translate the data into another form where encryption uses a formula requiring key(s) to encrypt/decrypt. Examples would be base 64 encoding being a hash algorithm where md5 being an encryption algorithm. Anyone can unhash base64 encoded data, but you can't unencrypt md5 encrypted data without a key.

Jeremy
A: 

A brief answer:

Hashing - creating a check field on some data (to detect when data is modified).

Obfuscation - modify your data/code to confuse anyone else (no real protection).

Encryption - using a key to hide information so that only those with the key can understand it.

selwyn
+1  A: 

A hash is a one way algorithm used to compare an input with a reference without compromising the reference.

It is commonly used in logins to compare passwords and you can also find it on your receipt if you shop using credit-card. There you will find your credit-card-number with some numbers hidden, this way you can prove with high probability that your card was used to buy the stuff while someone searching through your garbage won't be able to find the number of your card.

A very naive and simple hash is "The first 3 letters of a string". That means the hash of "abcdefg" will be "abc". This function can obviously not be reversed which is the entire purpose of a hash. However, note that "abcxyz" will have exactly the same hash, this is called a collision. So again: a hash only proves with a certain probability that the two compared values are the same.

Another very naive and simple hash is the 5-modulus of a number, here you will see that 6, 11, 16, etc. will all have the same hash: 1.

Modern hash-algorithms are designed to keep the number of collisions as low as possible but they can never be completely avoided. A rule of thumb is: the longer your hash is, the fewer collisions it has.
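The two toy hashes and the length rule of thumb from the answer above, as an added example that is not part of the original answer. It assumes SHA-256 truncated to a few bits as a model of a "shorter hash"; the `msg-N` inputs are constructed.

```python
import hashlib


def first3(s: str) -> str:
    """Toy hash from the answer: the first 3 letters of a string."""
    return s[:3]


def mod5(n: int) -> int:
    """Toy hash from the answer: the 5-modulus of a number."""
    return n % 5


def truncated_sha256(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, modelling a shorter hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def first_collision(bits: int, limit: int = 1 << 20):
    """Hash constructed inputs b"msg-0", b"msg-1", ... until two of them
    share a hash value. Returns (input_a, input_b, inputs_hashed), or None
    if no collision shows up within `limit` inputs."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    print(first3("abcdefg"), first3("abcxyz"))   # same toy hash
    print([mod5(n) for n in (6, 11, 16)])        # same toy hash
    for bits in (8, 16, 24):
        a, b, n = first_collision(bits)
        print(f"{bits}-bit hash: {a!r} and {b!r} collide after {n} inputs")
```

With only 2^bits possible outputs, a collision is guaranteed after 2^bits + 1 inputs and usually appears after roughly the square root of that, which is why each extra bit of hash length pushes collisions further out.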