Reputation: 1524
Can anyone describe the difference between password encryption and hash (sha-256)?
I need to save the password to database.I get confused in encryption,hash using sha-256 ,salt generation method .If any one explains the basic concept behind this then it will be helpful
Upvotes: 1
Views: 1189
Answers (2)
Reputation: 22162
The follow is a very basic explanation, anyway...
- Encryption is a reversible method to crypt the data. So if you have "password" a encryption method convert it into (for example) "ufmehlejw" and then you are able to get again "password".
- An hash function (one of them is the sha-256) is a function that once it's used on a string you have no way to recover the original string.
- A salt is a string which usually prorammers (and not only, of course) use to mix the given password. It's usually randomly generated. A salt is used to extend the original data before using an hash function. The goal of the salt is to avoid attackers to discover the original password of a user from a stolen hash using rainbow tables.
Upvotes: 2
Reputation: 2028
In short:
Encryption is a process with an inverse. In other words: If I encrypt some text, there is a process which is able to convert the new text back to the original, called decryption.
Hashing is fundamentally different from encryption, because it does not have such a process. What a hash is meant to do is provide you with a result, which is unique for that given input text (well, almost unique, let's keep it at unique). This way, people can verify if two input texts were equal, without knowing what the actual input text was. So, if people get their hands on your hashed password, they still cannot decrypt it. SHA is a family of methods which provide hashing.
Salts and Peppers are merely additional techniques to hashing, which describe the process of adding something before and after the input text before hashing. This improves the difficulty of brute-force cracking of hashes back to text.
Brute force cracking means simply trying all possible inputs (aa, ab, ac, etc...) and see if you can generate a hash which matches the hash you have gotten via hacking some website or whatever. You can find more on that here: https://security.stackexchange.com/questions/3272/password-hashing-add-salt-pepper-or-is-salt-enough
Upvotes: 1
Related Questions
- Fundamental difference between Hashing and Encryption algorithms
- Is it worth encrypting a password hash?
- Difference between Hashing a Password and Encrypting it
- Encryption vs Hashing Passwords
- What different between md5() .vs. hash when saving password?
- Encrypting and Decrypting with password_hash and SHA256
- What is better hashed or encrypted passwords?
- How is an MD5 or SHA-X hash different from an encryption?
- Passwords and different types of encryption
- Difference between encryption and hashing