When I started learning cybersecurity, one of the first things I wanted to understand clearly was the difference between hashing, encryption, and encoding. Many developers mix these terms, and even I used to confuse them earlier in my journey. But they are actually very different, and each one has a special purpose in security.
In this article I want to explain these three concepts in simple English, without using advanced math or complicated examples. My goal is to understand the idea behind each one and show where they are used in the real world of cybersecurity.
1. Encoding (Not Security, Just Format Change)
Encoding is the easiest one.
Encoding does not protect data. It only changes the format of data so different systems can read it.
Examples of encoding:
- Base64
- URL encoding
- ASCII
- UTF-8
Why encoding is used
- To send data safely over the internet
- To make sure special characters do not break a request
- To convert data into a form that systems understand
Important note
Anyone can decode encoded data.
Encoding is not meant to hide or protect anything.
If your password or secret is only Base64 encoded, it is not secure at all.
2. Hashing (One Way, Cannot Reverse)
Hashing is a one way function.
Once you hash something, you cannot get the original value back.
Common hashing algorithms
- SHA-256
- SHA-1 (old and weak)
- MD5 (very weak)
Why hashing is used
- Password storage
- File integrity checks
- Digital signatures
- Blockchain
Important rule
If a system stores your password as a plain hash, it is still not safe.
Why? Because hackers can try billions of guesses per second.
To make hashing safer, we add:
- Salt (random data added before hashing)
- Slow hashing algorithms like bcrypt, Argon2, PBKDF2
These slow functions make password cracking harder.
Why hashing matters in cybersecurity
Security engineers must know:
- which hashing algorithms are safe
- which are deprecated
- and why simple hashing is not enough
3. Encryption (Two Way, Can Reverse)
Encryption is used to protect data so only the right person or system can read it.
Two types of encryption
1. Symmetric encryption
Same key is used to encrypt and decrypt.
- Example: AES
- Used in: VPNs, disk encryption, WiFi protection
2. Asymmetric encryption
One key encrypts, another key decrypts.
- Example: RSA, ECC
- Used in: HTTPS, certificates, secure email
Why encryption is important
- Protects passwords while sending (not storing)
- Protects bank information
- Protects communication between client and server
- Protects files, backups, and databases
Encryption is the heart of modern cybersecurity.
Without it, the internet would not be safe.
4. Real World Examples
Example 1: Login page
- Password should be hashed before storing
- Data in transit should be encrypted (HTTPS)
- Sometimes data in tokens is encoded (Base64 in JWT)
Example 2: File download
- File hash (SHA-256) checks if file was changed
- HTTPS encrypts the download
- Metadata might be encoded
Example 3: API token
- Tokens are usually encoded for readability
- But the signature inside a JWT uses hashing (HMAC)
- The communication uses encryption (TLS)
Encoding, hashing, and encryption all work together but each has a different job.
5. Mistakes Developers Often Make
I made many of these mistakes myself in my early years.
❌ Thinking Base64 is security
❌ Using MD5 or SHA-1 for passwords
❌ Storing passwords without salt
❌ Using encryption without understanding key management
❌ Mixing encoding with hashing
Understanding these mistakes helps you build more secure systems.
6. Summary (Easy to Remember)
- Encoding is for representation
- Hashing is for verification
- Encryption is for protection
This is the most simple and clear way to remember the difference.
Final Words
This is my second article in my cybersecurity learning journey. My goal is to understand every concept in a simple and practical way, without confusing terms. If you are also starting fresh, I hope this explanation helps you too.
Next I will write more articles about Linux, cybersecurity tools, and networking, all in simple language from a developer point of view.
Stay tuned, and thank you for reading.
Top comments (0)