DEV Community

Bachi for Auth0

Posted on • Edited on • Originally published at auth0.com

2 1

How Secure Are Encryption, Hashing, Encoding and Obfuscation?

The discipline of cryptography, necessary for a variety of security applications, is no stranger to the arms race found in all other security disciplines. While modern cryptography aims to create mechanisms that protect information through the application of mathematical principles and computer science, cryptanalysis, by contrast, aims to defeat such mechanisms in order to obtain illegitimate access to the information.

This arms race between cryptography and cryptanalysis has incentivized the creation of stronger algorithms through the ages — from ancient Greece and Rome to our digital age and beyond. Some algorithms fall out of use due to flaws uncovered through cryptanalysis; others, simply due to advances in computation which render them ineffective when facing state-of-the-art technology.

In this post, we’ll define the security pillars of cryptography: confidentiality, integrity, and authenticity. We’ll then compare and contrast encryption, hashing, encoding, and obfuscation, showing which of these operations provide which of the security properties.

Confidentiality is about protecting information from being accessed by unauthorized parties or, in other words, is about making sure that only those who are authorized have access to restricted data. Integrity refers to protecting information from being altered, and authenticity has to do with identifying the owner of the information.

As an example, personal medical data needs to be confidential, meaning that only doctors or medical personnel should access it. Its integrity must also be protected because tampering with such data can result in a wrong diagnosis or treatment with possible health risks for the patient. Authenticity is this example means that patient data should be tied to an identified individual, and that, when a doctor modifies the data — because they authorized to do so — it’s of vital importance to know which doctor did it in a way that they can’t repudiate.

We’ll now define what is encryption, hashing, encoding and obfuscation focusing mostly on identifying which of the three cryptographic properties (confidentiality, integrity, authenticity) hold true for each of them.

Continue reading 📖

Heroku

This site is built on Heroku

Join the ranks of developers at Salesforce, Airbase, DEV, and more who deploy their mission critical applications on Heroku. Sign up today and launch your first app!

Get Started

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more