Hashing, encoding & encryption- When to use which ?

Author

Mahdi Mashrur Matin
March 26, 2025

 If you’ve ever nodded along in a meeting pretending you totally know the difference between hashing, encoding, and encryption... Congrats β€” you’re officially a developer. πŸ˜… But don’t worry, we’re about to clear it up. Forever. In English. No jargon. No judgment.

π‡πšπ¬π‘π’π§π  :
Hashing is like a fingerprint for your data.
 Hashing creates a fixed-length digest from data β€” it's one-way and irreversible.
Even a tiny change gives a completely different hash. That’s why it is perfect for fingerprinting and integrity checks.

π„π§πœπ¨ππ’π§π  :
Encoding transforms data into another format using a public algorithm, so it's fully reversible with no key. It does not require a key as the only thing required to decode it is the algorithm that was used to encode it.
The goal of encoding is format compatibility

π„π§πœπ«π²π©π­π’π¨π§
Encryption transforms data to a secret format that only someone with the correct key can decrypt.
The goal of encryption is data confidentiality

🧠 𝐓𝐋;𝐃𝐑

- Hashing = Integrity check πŸ”
- Encoding = Format compatibility 🧾
- Encryption = Data confidentiality πŸ”

π–π‘πžπ§ 𝐭𝐨 𝐞𝐧𝐜𝐫𝐲𝐩𝐭 ?
Use encryption when you need to send or store sensitive data and retrieve it later.
eg: If you're sending sensitive stuff β€” like credit card data β€” encrypt it. That way, only the right person with the key can read it.
But, why not encode ? Because, encoding is easily reversible & insecure
Why not hash ? Because, You can’t get the original data back

π–π‘πžπ§ 𝐭𝐨 𝐑𝐚𝐬𝐑?
When something is hashed, the created hash is often much smaller , so information gets lost .
Use hashing when you never need the original β€” just want to verify it hasn’t changed.

eg: When storing user passwords- we hash it . You only need to compare passwords, not retrieve them. That way a person/server can check if the hash of your password matches, without knowing your actual password.

Why not encode the passwords? Because, encoding is easily reversible & insecure.

Why not encrypt the passwords? Too much risk if the key is leaked , also unnecessary since you don’t need to decrypt.

π–π‘πžπ§ 𝐭𝐨 𝐞𝐧𝐜𝐨𝐝𝐞?
Use encoding for format compatibility, not secrecy or verification.

eg: When we are sending binary files in a JSON API we use base64 Encoding

JSON is a text-based format , so it can't handle raw binary data like images or PDFs.
Encoding (like Base64) converts binary into text, making it safe to include in JSON payloads.

Why not Hashing?
Hashing gives you a fingerprint, not the original file. It's one-way, so you lose the data.

Why not Encryption?
Encryption keeps data secret ,but in this case, you just want it to be readable in JSON, not hidden.

Dev Memes of the week

  1. #itHurts πŸ˜‚

  2. Indeed great time to learn security πŸ˜‚

  3. #peakProgrammerCareerTrajectory πŸ˜‚

Read of the week

This week I learned why Google bought cloud security startup Wiz for $32B from this amazing piece by Francis Odum

Here is the tldr:
Google knows that it's cashcow search business will be disrupted in next decade.
So, to stay relevant, it needs to win in cloud and AI.

But, Google had the weakest growth rates & cybersecurity among major cloud hyperscalers (AWS, GCP, Azure).

Wiz perfectly fills that gap β€” boosting Google’s cloud security and giving it an edge in securing AI models in the cloud.

Hence, google was so aggressive in buying Wiz.
Acquiring in all cash of 32 Billion $$ , at an almost ~50X multiple of revenue

Β© 2025 The Secure Coder.

Privacy Policy

Terms of Use

Powered by beehiiv