Encoding, Encryption, Hashing, and Obfuscation
Web/Security 2019. 8. 28. 10:39
1. Overview
Let's distinguish these commonly confused concepts.
2. Description
2.1 Encoding
The purpose of encoding is to transform data so that it can be properly and safely consumed by a different type of system. For example, binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it's able to be properly consumed.
Encoding transforms data into another format using a scheme that is publicly available, so that it can easily be reversed. It doesn't require a key: the only thing required to decode it is the algorithm that was used to encode it.
2.1.1 Examples
- ASCII, UNICODE, URL Encoding, BASE64
2.2 Encryption
The purpose of encryption is to transform data in order to keep it secret from others, e.g. sending someone a secret letter that only they should be able to read, or securely sending a password over the Internet. Rather than focusing on usability, the goal is to ensure the data can't be consumed by anyone other than the intended recipients.
Encryption transforms data into another format in such a way that only specific individuals can reverse the transformation. It uses a key, which is kept a secret, in conjunction with the plaintext and the algorithm, in order to perform the encryption operation. As such, the ciphertext, algorithm, and key are all required to return to the plaintext.
2.2.1 Examples
- AES, BLOWFISH, RSA
2.3 Hashing
Hashing serves the purpose of ensuring integrity, i.e. making it so that if something is changed you can know that it's changed. Technically, hashing takes arbitrary input and produces a fixed-length string that has the following attributes:
- The same input will always produce the same output
- Different inputs should not produce the same output (collision resistance)
- It should not be possible to go from the output back to the input (one-wayness)
- Any modification of a given input, even a single bit, should result in a drastic change to the hash
A common use is in digital signatures: the sender hashes the message and signs the hash with their private key. When the recipient opens the message, they can validate the signature on the hash with the sender's public key, hash the message themselves, and compare it to the hash that was signed by the sender. If they match, it is an unmodified message sent by the correct person.
2.3.1 Examples
- SHA-3, MD5 (obsolete), etc.
2.4 Obfuscation
The purpose of obfuscation is to make something harder to understand, usually for the purposes of making it more difficult to attack or to copy.
One common use is the obfuscation of source code so that it's harder to replicate a given product if it is reverse engineered.
It's important to note that obfuscation is not a strong control (like properly employed encryption) but rather an obstacle. Like encoding, it can often be reversed by using the same technique that obfuscated it. Other times it is simply a manual process that takes time to work through.
Another key thing to realize about obfuscation is that there is a limitation to how obscure the code can become, depending on the content being obscured. If you are obscuring computer code, the limitation is that the result must still be consumable by the computer or else the application will cease to function.
2.4.1 Examples
- Javascript Obfuscator, Proguard
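The three keyed/unkeyed distinctions above, shown side by side as an added example (not from the original post or the referenced article): Base64 encoding round-trips with no key, a toy XOR one-time pad stands in for a real cipher to show that reversal depends on the key, and SHA-3 shows determinism, fixed output length and the avalanche effect. The sample message and key are constructed for the demo.

```python
import base64
import hashlib
import os

# Constructed sample message (not from the original post).
MESSAGE = b"Transfer 100 USD to account 42"


def encode_roundtrip(data: bytes) -> bytes:
    """Encoding: public scheme, no key; anyone can reverse it with the same algorithm."""
    return base64.b64decode(base64.b64encode(data))


def xor_with_key(key: bytes, data: bytes) -> bytes:
    """Toy one-time-pad style cipher (illustration only, not AES/RSA): the same
    operation encrypts and decrypts, but only the correct key recovers the plaintext."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def sha3_digest(data: bytes) -> bytes:
    """Hashing: fixed-length (32-byte) digest, deterministic, one-way."""
    return hashlib.sha3_256(data).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings (shows the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def integrity_check(received: bytes, expected_digest: bytes) -> bool:
    """Recompute the hash of what was received and compare it with the digest that was sent."""
    return sha3_digest(received) == expected_digest


if __name__ == "__main__":
    # Encoding: reversible by everyone, keeps data usable, nothing is secret.
    print("encoding reversible:", encode_roundtrip(MESSAGE) == MESSAGE)

    # Encryption: reversible only with the key; a different key yields garbage.
    key = os.urandom(len(MESSAGE))
    ciphertext = xor_with_key(key, MESSAGE)
    print("right key:", xor_with_key(key, ciphertext) == MESSAGE)
    print("wrong key:", xor_with_key(os.urandom(len(MESSAGE)), ciphertext) == MESSAGE)

    # Hashing: same input -> same digest; a one-byte change flips roughly half the bits.
    digest = sha3_digest(MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")
    print("intact:", integrity_check(MESSAGE, digest), "tampered:", integrity_check(tampered, digest))
    print(differing_bits(digest, sha3_digest(tampered)), "of", len(digest) * 8, "bits differ")
```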
3. Summary
3.1 Encoding
- Maintaining data usability
- Being reversed by employing the same algorithm that encoded the content
- No key is used
3.2 Encryption
- Maintaining data confidentiality
- A secret key is required to return the ciphertext to plaintext
3.3 Hashing
- Validating the integrity of the content by detecting all modification thereof via obvious changes to the hash output
3.4 Obfuscation
- Preventing others from understanding the meaning of something
- Often used with computer code to help prevent successful reverse engineering and/or theft of a product's functionality
4. References
https://danielmiessler.com/study/encoding-encryption-hashing-obfuscation/