What is the difference between Encoding, Encryption and Hashing?


4

I’d like to understand the difference between Encoding, Encryption and Hashing, and also see examples of when to use one or the other.

2 answers

6


Simplistic definition

  • Encoding: is the way in which character sets are mapped and manipulated.
  • Encryption: is the process of encrypting data (any given data).
  • Hashing: is the process of generating a sequence of bits based on input data in order to uniquely identify it.

Definition

  • Encoding: is the way in which character sets are mapped and manipulated by machines, be it software, a browser, etc. E.g.: in the ISO 8859-1 encoding the letter "A" is at position 65 (counting from zero) and can be represented on the computer using a single byte with a value of 65.
  • Encryption: is the process of transforming information using an algorithm so as to make it impossible to read for anyone except those who possess particular information, usually referred to as a key. The result of this process is encrypted information.
  • Hashing: is the process of creating a hash, which is a sequence of bits generated by a hash algorithm, usually represented in hexadecimal, with each digit representing a nibble. This sequence seeks to uniquely identify a file or piece of information. For example, an email message, a password, a cryptographic key or even a file.

Examples

Encoding:

  • UTF-8 is a type of variable-length Unicode encoding created by Ken Thompson and Rob Pike. It can represent any standard universal character of Unicode and is also compatible with ASCII. For this reason, it is slowly being adopted as the standard encoding type for email, web pages, and other places where characters are stored.
  • ISO 8859-1 is a character encoding of the Latin alphabet, the first part of ISO 8859. It was developed by ISO, and was subsequently maintained by ISO and IEC.

Encryption:

  • DES: Fundamentally DES performs only two operations on its input: bit displacement and bit replacement. The key controls exactly how this process occurs. By doing these operations over and over and in a non-linear way, a result can be achieved that cannot be reversed to the original input without the use of the key.
  • IDEA: is a block cipher algorithm that makes use of 128-bit keys and has a structure similar to DES. Its software implementation is easier than its implementation. As a block cipher, it is also symmetric. The algorithm was designed as a replacement for the Data Encryption Standard (DES). IDEA is a small revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES).
  • RC4: is the most commonly used symmetric stream cipher algorithm in software and is used in the most well-known protocols, such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (for the security of wireless networks). RC4 is not considered one of the best cryptographic systems by crypto adepts, and in some applications it can result in very insecure systems.
  • Blowfish: is a symmetric block cipher that can be used in place of DES or IDEA. It takes a variable-size key, from 32 to 448 bits, making it ideal for both domestic and commercial applications.

Hashing:

  • MD5: is a 128-bit one-way hash algorithm developed by RSA Data Security, Inc., described in RFC 1321, and widely used by peer-to-peer (P2P) software protocols, in file integrity checks and in logins.
  • SHA: The SHA (Secure Hash Algorithm) family is related to cryptographic functions (message digest). The most commonly used function in this family, SHA-1, is used in a wide variety of security applications and protocols, including TLS, SSL, PGP, SSH, S/MIME, and IPsec. SHA-1 was considered the successor of MD5. Both have proven vulnerabilities.

Sources from SOpt itself:

  • Tag encryption
  • Tag hash
  • Tag Character-encoding
  • How to hash passwords securely?

  • So by definition, when we say "encrypt the password with md5" we are wrong. Correct?

  • Yes, md5 is a hash-generating algorithm, which can be used as the message digest of a message that may or may not be encrypted, or for other purposes. A hash can never again become the object that originated it, unlike encrypted data.

3

Encoding, sometimes called "serialization", is to take some information (e.g., a set of characters) and represent it ("encode it") by means of a sequence of symbols (e.g., an array of bytes). Usually, when talking about encoding, one is referring to character encoding, which is how abstract texts (sequences of Unicode code points) are expressed in bytes (either for transport or for internal processing).

Encryption consists of transforming readable information into other information that is illegible ("indecipherable") to everyone except whoever possesses a secret capable of deciphering it (called a "key"). The encrypted information can be transformed back into the original information, either with the same key used to encrypt (symmetric encryption, e.g.: AES, 3DES) or with a distinct key (asymmetric encryption, e.g.: RSA, ECC).

Hashing (a "cryptographic hash function") is the process of converting data of arbitrary size into data of fixed size so that it is impracticable: a) to discover the original data from the hashed data (pre-image resistance); b) given a hash and its original data, to find different data that produces the same hash (second pre-image resistance); c) to easily produce different data that produce the same hash (collision resistance).

The main difference between Encryption and hashing is that the first process is reversible and the second is not. Uses of hash functions include:

  • Uniquely identify a file, as pointed out in the answer from Ricardo Henrique:
    • If the hash is collision resistant, one can use this function to quickly find out if any two files within a larger set are equal (e.g.: you have a folder with 50,000 files of the same size and want to know which ones are duplicated; instead of comparing them all two by two, you hash them all and check which ones have the same hash).
    • If the hash is resistant to the second pre-image, and the hash of a file is known, then one cannot [easily] produce another that has the same hash, so that this can be used to ensure the integrity of the file.
      • Furthermore, if you used a cryptographic key together with the hash, in addition to the integrity you can guarantee the authenticity of the file. See HMAC.
  • Prove that certain data is identical to other data, without the need to store that data. Widely used in password storage: if your DB only contains [pre-image resistant] hashes, an attacker who sees a copy of it cannot find the original password. And when a user wants to authenticate with the site, it can recreate the password hash and compare both hashes to see if they match. If they match, then it is very likely that the password is identical to the one registered by the user.
    • Note that knowing only the hash does not help the attacker at all, because what is used as an authentication credential is not the hash, but rather something that, after being hashed, is equal to that hash. As long as the attacker does not find this "something", he cannot impersonate that user.

An example where all three are used would be: I have a text in my computer's memory, and I want to save it to a file that only I can access. First I encode this text in UTF-8, then I encrypt the resulting bytes using a key that only I know (derived from a password, for example, or saved somewhere safe, such as a removable device), and finally I hash the encrypted bytes so that when I go to decrypt that file in the future I can be sure that no one has touched it (the hash also has to be saved in a safe place, for me to compare with the hash of the file in the future, but no matter the file size the hash will only be a few bytes).

  • 1

    How I like answers like this, they are more fluid and colloquial. They avoid that fatigue of reading a totally technical text. Congratulations, if a teacher’s salary were good, I would recommend that you think about being one.
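The hash uses listed in the answers above (duplicate detection, keyed integrity with HMAC, password verification), next to a UTF-8 encoding round trip, as an added Python example that is not part of either answer. It goes slightly beyond the text by salting and stretching the password hash with PBKDF2; the function names, sample data and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Encryption is not shown: Python's standard library has no general-purpose cipher API.
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def encode_roundtrip(text):
    """Encoding: reversible by anyone, no secret involved."""
    data = text.encode("utf-8")
    return data, data.decode("utf-8")


def find_duplicates(files):
    """Group name -> bytes entries by SHA-256 digest; return duplicate groups."""
    groups = {}
    for name, content in files.items():
        groups.setdefault(hashlib.sha256(content).hexdigest(), []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def make_tag(key, data):
    """Keyed hash (HMAC-SHA256): integrity and authenticity of data."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key, data, tag):
    """Compare in constant time so the check does not leak how many bytes match."""
    return hmac.compare_digest(make_tag(key, data), tag)


def hash_password(password, salt=None):
    """Store (salt, digest) only; the password itself is never saved."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password, salt, stored):
    """Recompute the hash from the login attempt and compare with the stored one."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


if __name__ == "__main__":
    files = {"a.txt": b"report", "b.txt": b"report", "c.txt": b"other"}  # constructed
    print(find_duplicates(files))
    salt, stored = hash_password("correct horse")  # constructed password
    print(check_password("correct horse", salt, stored), check_password("guess", salt, stored))
```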
