What is Hashing?

Hashing is another tool in the toolbox of cryptography. It is simply the process of taking a line of text, like a username or password, and converting it into another seemingly random, fixed-length string. This result is called the hash.

The conversion is performed by a mathematical function referred to as a cryptographic hash function (CHF). The resulting hash acts as a fingerprint of the input: if the data is altered, its hash no longer matches, which indicates that the file has been tampered with.

The data may also be salted when converted: that is, a value or string of characters may be added to the data prior to hashing.

Why hashing instead of encryption?

With encryption, there is a complementary decryption function: the data is intended to be made human-readable again when dealing with other parties. Hashed data is not. Hashing is intended to be a one-way conversion, and no decryption method is provided.

This comes in handy when dealing with usernames, passwords, or personally identifiable information that needs to be stored for records but not distributed. Instead of fetching and decoding this data and risking exposure, the user enters their password, the system hashes that entry, and the hashed entry is compared to the hashed password in the database. If the two hashed values match, the submission is accepted.
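The salted store-and-compare flow described above, together with the tamper check, as an added example that is not part of the original page. The function names, the in-memory USERS table, the sample accounts and the choice of PBKDF2-HMAC-SHA256 as the salted hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example
USERS = {}             # constructed stand-in for the database: name -> (salt, digest)


def hash_password(password, salt):
    """Mix the salt into the password and return a fixed-length digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username, password):
    """Store only the salt and the hash, never the password itself."""
    salt = os.urandom(16)  # fresh random salt per user
    USERS[username] = (salt, hash_password(password, salt))


def login(username, attempt):
    """Hash the submitted entry with the stored salt and compare the hashes."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # compare_digest runs in constant time, so the comparison leaks no timing hint
    return hmac.compare_digest(hash_password(attempt, salt), stored)


def fingerprint(data):
    """SHA-256 hash of a file's bytes, used to detect tampering."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    enroll("alice", "correct horse")   # constructed sample accounts
    enroll("bob", "correct horse")
    print(login("alice", "correct horse"), login("alice", "wrong"))
    print(USERS["alice"][1] != USERS["bob"][1])  # same password, different hashes
    print(fingerprint(b"report v1") == fingerprint(b"report v1."))
```

Because each account gets its own salt, two users with the same password end up with different stored hashes, so a leaked table does not reveal which accounts share a password.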

These practices are often used in tandem with encryption techniques to ensure safety and security.