added 255 characters in body
arboreal84

They are almost equivalent.

The difference is how the encoding for the string is established.

In the first portion of code it assumes ASCII, whereas in the second portion it assumes UTF-8. It is possible that the string used another encoding which is none of those.

But regardless of that, the idea is to understand what is the goal of this operation. The truly relevant things in this context are:

  1. Given equal input, output should be the same
  2. Not requiring to store or transmit the original input in plaintext
  3. There should be no way to retrieve the plaintext only by knowing the output (within a reasonable amount of time)
  4. After hashing, you no longer require the original input in plaintext.

A secure cryptographic hashing function (meaning not older functions like MD5) achieves that.

Then, if your data store where hashes are stored is compromised, the attacker would only have a hash which cannot be used to retrieve the original plaintext. This is why hashing is used rather than encryption; encryption is a reversible operation (through decryption).

Then, within the system, if you've made the decision to use one encoding, you need to keep that decision consistent across all components in your system so they can interoperate.

arboreal84

They are almost equivalent.

The difference is how the encoding for the string is established.

In the first portion of code it assumes ASCII, whereas in the second portion it assumes UTF-8. It is possible that the string used another encoding which is none of those.

But regardless of that, the idea is to understand what is the goal of this operation. The truly relevant things in this context are:

  1. Given equal input, output should be the same
  2. Not requiring to store or transmit the original input in plaintext
  3. There should be no way to retrieve the plaintext only by knowing the output (within a reasonable amount of time)

A secure cryptographic hashing function (meaning not older functions like MD5) achieves that.

Then, within the system, if you've made the decision to use one encoding, you need to keep that decision consistent across all components in your system so they can interoperate.
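
Why the two encodings are only "almost" equivalent, shown as an added example that is not part of the original answer. Python and SHA-256 are assumptions (the page does not show the code being compared), the sample strings are constructed, and the Unicode normalisation step goes beyond what the answer states.

```python
import hashlib
import unicodedata

# Constructed sample inputs (not from the original post).
ASCII_ONLY = "correct horse"
NON_ASCII = "caf\u00e9"        # 'é' as a single code point
NON_ASCII_NFD = "cafe\u0301"   # 'e' followed by a combining acute accent

def digest(text, encoding, errors="strict"):
    """SHA-256 hex digest of text after encoding it to bytes."""
    return hashlib.sha256(text.encode(encoding, errors)).hexdigest()

def compare_encodings(text, encodings=("ascii", "utf-8", "utf-16-le")):
    """Map each encoding to its digest, or None if text cannot be encoded."""
    result = {}
    for enc in encodings:
        try:
            result[enc] = digest(text, enc)
        except UnicodeEncodeError:
            result[enc] = None
    return result

def canonical_digest(text):
    """One rule for every component: NFC-normalise, encode as UTF-8, hash."""
    return digest(unicodedata.normalize("NFC", text), "utf-8")

if __name__ == "__main__":
    # ASCII-only input: ASCII and UTF-8 yield identical bytes, so identical hashes.
    print(compare_encodings(ASCII_ONLY))
    # Non-ASCII input: strict ASCII cannot encode it; other encodings disagree.
    print(compare_encodings(NON_ASCII))
    # Lossy ASCII replaces 'é' with '?', so distinct inputs share one hash.
    print(digest(NON_ASCII, "ascii", "replace") == digest("caf?", "ascii"))
    # Same visible text, different code points: only the canonical form agrees.
    print(canonical_digest(NON_ASCII) == canonical_digest(NON_ASCII_NFD))
```

A component that encodes with a different rule than the one used when the hash was stored will fail to match any input containing non-ASCII characters, even though ASCII-only inputs keep working.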