Hashing vs. encryption: What’s the difference?

Hashing is a process that transforms your data into a random fixed-length value, using a hash function. For example, a piece of plain text (a password, for example) can be turned into a hashed value, making it very hard to decipher.

Hashing is a one-way process that can’t be directly reversed (as opposed to encryption, which can be decrypted if you have the appropriate decryption key). When companies store user data (usernames and passwords, let’s say), they can apply hashing algorithms to ensure that the information stays private, even if they suffer a data breach.

Moreover, hashing ensures the integrity of data. When you send a hashed file to a friend, you provide a hashed value along with the message. The friend then calculates the hash value — if the values match, then the file hasn’t been tampered with while in transit.

Hashing is usually used to deal with large amounts of data. It is easy to find the hashed data as well as avoid data duplication. Hashing is a fast, efficient way to keep huge troves of data safe and ensure its integrity.

A secure hash algorithm generates hash values, also known as hash functions. The hashing algorithms provide different hash values for different keys. So one unique input string should have a unique hash value.

However, in rare cases, keys use identical hash values. This can result in what’s known as a hash collision.

A defining feature of any hashing algorithm is how collision resistant its hash functions are. Collision is a hash-function vulnerability that bad actors can potentially exploit, so a good hashing algorithm should be complex enough to avoid collisions.

Similarly to encryption, hashing algorithms differ in their strength:

• MD5. The MD5 hashing algorithm emerged as an improvement on the MD4 protocol, which had significant security flaws. While it is still used, it has design flaws, so other hashing functions are usually preferred. Moreover, its 128-bit strength is not robust enough for proper protection. It’s also not very resistant to collisions, so it lacks suitability for cryptography hashes.
• SHA. The SHA hashing algorithm was developed by the National Security Agency back in 1993. Its original version had many flaws, so SHA has been updated several times. Its later iterations are now widely used for cryptographic purposes. Due to its sensitive hash strings, it is considered to be a fairly secure protocol.
• BLAKE3. The BLAKE3 hashing algorithm is the most recent version of the BLAKE hash function. Overall, it performs much better than SHA and BLAKE2 protocols. BLAKE3 is used for Wireguard, an ultra-fast VPN protocol (for more, read our article on the best VPN protocols).

Encryption is the process of encoding data using algorithms. Encryption protocols scramble the data so it becomes undecipherable to anyone except the intended recipient, who has the necessary key to reverse the decryption process. Unlike hashing, encryption is a two-way process — information is encrypted and then decrypted when it reaches the intended receiver.

Encryption also secures sensitive data as well as general online traffic. It makes your internet traffic unreadable to an unauthorized party — if strong cryptography algorithms are implemented following best practices, they are resistant to cryptanalytic attacks. If you want to learn more about encryption, check out our article on the best encryption software.

Encryption uses a specific set of rules and instructions, known as algorithms, to convert original data, or plain text, into ciphertext — an encrypted form of data. You can use encryption to turn text, messages, or files into ciphertext.

An encryption algorithm also uses a unique piece of information, called the encryption key. This key determines how the plain text is transformed into ciphertext and vice versa. Encryption keys can be either symmetric or asymmetric:

• Symmetric cryptography uses a symmetric key — the same key for both encryption and decryption. The sender and the receiver of data need to have that same key, which should be shared securely.
• Asymmetric cryptography uses asymmetric keys — a public key and a private key. The public key is used to encrypt information, and the private key is used to decrypt it. In the case of asymmetric encryption, only the private key must be kept secret.
• Hybrid encryption is a third option and combines symmetric and asymmetric keys, using the strengths of both and minimizing their weaknesses.

The ciphertext that you get after the encryption process is done looks like a meaningless jumble of data, extremely difficult to decipher without a decryption key. But if you possess a proper decryption key, you can transform the ciphertext back into plain text by applying specific mathematical operations. Every encryption algorithm has a corresponding decryption algorithm that reverses the encryption process using a decryption key and restores ciphertext back to the original plain text.

There are several commonly used encryption algorithms. Here are the most widely applied ones:

• The Advanced Encryption Standard (AES) is a symmetric encryption algorithm used with SSL/TLS and trusted by government institutions and organizations worldwide. They use this data encryption standard for personally identifiable information (PII), business data, financial transactions, and wireless communication because AES is known for being impervious to attacks.
• RSA is a common asymmetric encryption algorithm used for securing data sent over the internet — messages, digital signatures, login credentials, and key exchange.
• The Diffie-Hellman Key Exchange algorithm allows two parties to establish a shared secret key over an insecure communication channel. You use it with symmetric encryption algorithms to securely exchange keys. This algorithm is commonly used in VPNs and wireless networks to secure online traffic and protect the privacy and integrity of the data in transfer.
• The Triple Data Encryption Standard (3DES) is a symmetric encryption algorithm that applies a DES cipher three times with different keys. You use it in older systems that require compatibility with older encryption standards.
• Blowfish is a symmetric encryption algorithm. It is known for its flexibility in key sizes and relatively fast encryption and decryption speeds. It’s a flexible encryption method that businesses use for securing payments, file transfers, and passwords (if you want to know more about securing your login information, read our post on secure passwords).

	Hashing	Encryption
A one-way process; it cannot be reversed
Intended to maintain data integrity
Intended to protect data while in transit
Useful for companies and websites
Useful for both individuals and businesses

Basically, encryption is the process of scrambling plaintext into unreadable ciphertext, which you can decrypt with a relevant key, while hashing turns plain text into a unique code, which can’t be reverted into a readable form.

Hashing is usually used to ensure the integrity of data, primarily when we’re storing large amounts of it, while encryption is aimed at protecting the privacy of small amounts of data while in transit.

Here are some examples of hash usage:

• Preserves file integrity during file sharing, downloading, or mirroring processes. It ensures that the files you get are intact and have not been tampered with.
• Digital signatures almost always require the calculation of a cryptographic hash. It guarantees the efficiency and security of digital signature schemes.
• Password verification commonly uses cryptographic hashes. Hash digests prevent passwords from being compromised. During the user authentication process, a system will compare the user-entered password’s hashes with its own stored values.
• Hashing is used in cryptocurrency systems to protect them from DDoS attacks and other abuses.
• We can also use hashing for file identification. This protects users from forgery and cases when they can receive other data than expected.

And here are a few common use-cases for encryption:

• Encryption is used to protect your online traffic from interventions and snooping. It is an essential feature of VPN services and online security in general. For example, if you use NordVPN’s Meshnet feature to access your devices remotely, your data will be protected by encryption.
• End-to-end encryption is used in instant messaging services to protect the privacy of your conversations.
• File encryption protects your files so that no one can access them even if they intercept the files in transit.
• Encryption protects you from cybercriminals. It is extremely useful on public Wi-Fi networks, which are often popular with hackers. For example, VPNs use encryption to protect data transmitted over the network, so you can use a VPN to secure public Wi-Fi.