The Three Essential Cryptographic Tools
Encryption, hashing, and digital signatures
Cryptographic algorithms serve three primary functions — data encryption, authentication, and digital signatures — and choosing the right tool for the right job is critical. A common and dangerous mistake is using encryption to store passwords (a job that requires hashing).
Encryption (Two-Way)
Scrambles readable data (plaintext) into ciphertext using a key, with the specific intention of unscrambling it later. Encryption protects data in transit (HTTPS, messaging) and data at rest (BitLocker, FileVault). It is reversible by design.
Hashing (One-Way)
A mathematical algorithm that crushes any input — a single word or a 100-gigabyte file — into a fixed-length string called a hash or digest. Crucially, hashing is irreversible: you cannot reconstruct the original data from the hash.
High-quality hash algorithms like SHA-256 exhibit the avalanche effect: changing a single comma in a 500-page document produces a completely different hash. Hashing is used for password storage (websites store the hash, never the actual password) and file verification.
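As an added example (not code from the original article), the following Python uses only the standard library to show the hashing points above: the avalanche effect on a one-comma change, digest-based file verification, and what "storing the hash" of a password should look like in practice, a salted, deliberately slow PBKDF2 derivation rather than a bare SHA-256. The sample documents, the password strings and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

def sha256_hex(data: bytes) -> str:
    """One-way: any-length input -> fixed 256-bit digest (64 hex chars)."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Avalanche check: how many of the 256 digest bits differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def verify_file_digest(data: bytes, expected_hex: str) -> bool:
    """File verification: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

# Password storage. "Store the hash" must not mean a bare SHA-256: use a salted,
# deliberately slow derivation so leaked records resist offline guessing.
# PBKDF2-HMAC-SHA256 is used here because it is in the standard library;
# Argon2, scrypt or bcrypt are the usual production choices. (Assumed count.)
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt; the password itself is never stored."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    # Constructed sample documents, identical except for one inserted comma.
    doc_a = b"The quick brown fox jumps over the lazy dog."
    doc_b = b"The quick, brown fox jumps over the lazy dog."
    h_a, h_b = sha256_hex(doc_a), sha256_hex(doc_b)
    print(f"A: {h_a}\nB: {h_b}\nbits changed: {differing_bits(h_a, h_b)}/256")
    print("A verifies against its digest:", verify_file_digest(doc_a, h_a))
    print("B passed off as A:", verify_file_digest(doc_b, h_a))
    salt, stored = hash_password("correct horse battery staple")  # constructed
    print("correct password:", verify_password("correct horse battery staple", salt, stored))
    print("wrong password:", verify_password("Tr0ub4dor&3", salt, stored))
```

Because the same password and salt always derive the same digest, the salt can be stored next to the digest; what must never be stored is anything the password can be recovered from.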
Digital Signatures (Authentication Seal)
Combine asymmetric encryption and hashing to provide both authentication (proving identity) and non-repudiation (the sender cannot deny having signed). The signer hashes the document, then encrypts that hash with their private key; the result is the signature. The verifier decrypts the signature with the signer's public key, independently hashes the received document, and compares the two hashes. If they match, the signature is valid and the document has not been altered since signing.
Digital signatures secure software updates, blockchain transactions, certificates, and legal documents.
Key Takeaways
- Encryption is two-way (reversible) — protects data in transit and at rest
- Hashing is one-way (irreversible) — used for password storage and file verification
- Digital signatures combine both to provide authentication and non-repudiation