Beginner’s Guide to Encryption vs Hashing

Aleksa Tamburkovski

Encryption and hashing get lumped together all the time, but they do completely different things. Confuse them, and you might end up with a system that looks secure but isn’t.

The good news is this guide clears it up.

You’ll learn what each one actually does, how they work, and when to use them—without the jargon or filler. So whether you're building something or just trying to understand what’s happening under the hood, this will finally make it click.

Sidenote: If you want to improve your Cyber Security skills and make sure you're using the right tools for the job, then check out my complete CyberSecurity Bootcamp!

Updated for 2025, this is the most comprehensive Cyber Security Bootcamp that you can find - all while being completely beginner friendly!

You’ll not only be able to secure your own systems - but you'll learn enough to be hired as a Cyber Security professional!

With that out of the way, let’s get into this 5-minute tutorial…

Encryption vs Hashing: Mile high comparison

Before we get into the details, here’s a side-by-side look at how encryption and hashing differ. Use this as your quick reference whenever you need to decide which one fits your use case.

| Feature | Encryption | Hashing |
| --- | --- | --- |
| Purpose | Keep data private | Check if data has changed |
| Reversible? | Yes (with the right key) | No (one-way only) |
| Uses a key? | Yes | No |
| Output changes every time? | No, unless the key or data changes | Always the same for same input |
| Used for | Messaging, storage, secure connections | Passwords, file integrity, blockchain |
| Examples | AES, RSA, HTTPS | SHA-256, SHA-3, bcrypt |

Now that the high-level difference is clear, let’s zoom in on encryption and break down what it is, how it works, and why it shows up in more places than you probably realize.

What is Encryption, and how does it work?

Did you ever send secret messages as a kid? Maybe make up your own language with a friend?

Well, encryption is kind of the same thing. It turns readable data into something unreadable called ciphertext. And to turn it back into the original and access it, you need the right key.

This means that even if someone intercepts your data, they can’t understand or use it unless they have the key to unlock it.

It’s one of the best ways to secure your data, which is why it’s used not only to secure data in transit (such as when sending files) but also to secure it when stored.

For example

You see encryption at work every day:

  • When you buy something online, encryption protects your payment details during the checkout process.
  • When you use messaging apps like Signal or WhatsApp, encryption ensures only the intended recipient can read your messages.
  • When companies store sensitive user data, encryption ensures that even if someone breaks into the system, they can’t make sense of what they steal.

However, encryption is only as strong as the key management behind it.

If your keys are stored insecurely, shared in the wrong way, or not rotated regularly, attackers can bypass it completely. That’s why key management is one of the most important parts of any secure system.

It’s also why there's more than one way to encrypt things…

Symmetric vs asymmetric encryption

There are two main ways encryption works, depending on how the key is handled.

With symmetric encryption, you use the same key to lock and unlock the data. It’s fast and efficient, which is why it’s often used for encrypting files, databases, and internal data. But it comes with one big challenge: how do you share the key safely with someone else, without it being stolen along the way?

That’s where asymmetric encryption comes in. Instead of one key, you have a key pair:

  • A public key that you share with others
  • And a private key you keep secret

If someone wants to send you encrypted data, they use your public key to lock it. However, they can’t unlock it with that same key. Only your private key can unlock it.

And I know what you’re thinking:

“If asymmetric is more secure - why even bother with symmetric?”

Well, like I said earlier - one is more secure but the other is faster to use, which is why most systems use both.

For example

When you visit a website with https://, your browser starts with asymmetric encryption to securely exchange keys and verify the site’s identity. Once trust is established, it switches to symmetric encryption for the rest of the session. It’s faster and more efficient, which makes for a better user experience without compromising security.
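The same split, shown as an added example (not code from the original article): a random AES-256-GCM session key encrypts the message, and the recipient's RSA public key wraps that session key. It assumes the third-party Python `cryptography` package is installed; the function names and sample message are constructed for illustration, and this is a simplified envelope rather than the TLS handshake itself.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP padding for the asymmetric step (wrapping the small session key).
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def new_key_pair():
    """Recipient side: the private key stays secret, the public key is shared."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal(public_key, plaintext: bytes):
    """Sender side: symmetric encryption for the data, asymmetric for the key."""
    session_key = AESGCM.generate_key(bit_length=256)  # fresh key per message
    nonce = os.urandom(12)  # must never repeat under the same key
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = public_key.encrypt(session_key, OAEP)
    return wrapped_key, nonce, ciphertext


def open_sealed(private_key, wrapped_key, nonce, ciphertext):
    """Recipient side: unwrap the session key, then decrypt and authenticate."""
    session_key = private_key.decrypt(wrapped_key, OAEP)
    try:
        return AESGCM(session_key).decrypt(nonce, ciphertext, None)
    except InvalidTag:
        return None  # ciphertext was modified in transit


if __name__ == "__main__":
    private_key, public_key = new_key_pair()
    message = b"order 1001: constructed sample message"  # constructed input
    wrapped, nonce, ct = seal(public_key, message)
    print(open_sealed(private_key, wrapped, nonce, ct))
    tampered = ct[:-1] + bytes([ct[-1] ^ 1])  # flip one bit of the ciphertext
    print(open_sealed(private_key, wrapped, nonce, tampered))
```

Only the 32-byte session key goes through the slow RSA operation; the message itself, whatever its size, is handled by the fast symmetric cipher.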

But that’s just one piece of the puzzle.

Encryption, no matter how strong, doesn’t stand on its own. It’s part of a larger system of protections that work together to keep data safe. That includes:

  • Authentication helps prove someone is who they say they are. For example, protocols like TLS verify the identity of a server before your browser even starts talking to it.
  • Access control limits who can see or do what. This works hand-in-hand with encryption to ensure only the right people can decrypt or interact with sensitive data.
  • Trust negotiation helps systems to agree on secure protocols. TLS again plays a key role here by helping two systems decide on things like which encryption algorithms to use and how keys should be exchanged.

You’ll also see tools like AES used for encrypting stored data, and RSA for handling public-private key operations, especially in systems like HTTPS or email encryption.

TL;DR

Encryption protects the data, but the system around it protects the trust. Without that trust layer, encryption can still be bypassed.

And that’s where hashing comes in…

What is Hashing, and how does it work?

Hashing isn’t about hiding information. It’s about checking it to see if it's still secure or has been changed.

For example

Imagine you buy a bottled drink, and the tamper-proof seal is broken when you pick it up. You haven’t even opened it yet, but you already know something might be wrong. Has someone already drunk from it?

Either way, you’ll probably decide against buying and drinking it, right?

Well, hashing is the same kind of thing. It’s designed to let you know that something is wrong with the data. Basically, you run your data through a hashing algorithm, which will then give you a short string of characters, called a ‘hash’.

You can think of it like a unique fingerprint of the original data. No matter how large or small the input is, the hash will always be the same length, and the same input will always produce the same characters.

Why care?

Well, if the original file is altered by even a single character and is then hashed again, the hash changes completely and won’t match the original. This way you’ll know that something’s off, even if you don’t know exactly what, and it’s why hashing is everywhere in security and software.
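To see this in practice, here is an added example (not from the original article) that hashes data in chunks with SHA-256, checks it against a published hash, and counts how many output bits change after a one-character edit. The function names and the two sample messages are constructed for illustration.

```python
import hashlib
import hmac
import io


def sha256_stream(stream, chunk_size: int = 65536) -> str:
    """Hash a file-like object chunk by chunk, so large files never sit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def is_unmodified(stream, published_hex: str) -> bool:
    """Compare the computed hash with the one the sender published."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(sha256_stream(stream), expected)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count how many of the 256 output bits differ between two hashes."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample data: two files that differ by a single character.
ORIGINAL = b"Pay 100 EUR to account 12345\n"
TAMPERED = b"Pay 900 EUR to account 12345\n"

if __name__ == "__main__":
    published = sha256_stream(io.BytesIO(ORIGINAL))  # what the sender publishes
    altered = sha256_stream(io.BytesIO(TAMPERED))
    print("original:", published)
    print("tampered:", altered)
    print("bits changed:", differing_bits(published, altered), "of 256")
    print("original verifies:", is_unmodified(io.BytesIO(ORIGINAL), published))
    print("tampered verifies:", is_unmodified(io.BytesIO(TAMPERED), published))
    # The output length is fixed no matter how large the input is.
    big = sha256_stream(io.BytesIO(b"x" * 10**6))
    print(len(published), len(big))
```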

For example

Let’s take passwords. When a user signs up to something, the system hashes their password and stores the hash of that password and not the actual password itself.

When they log in later, the password they type gets hashed and compared to the hash that's stored. If the hashes match, then we know it’s the same password and can grant them access. But if what they typed is different, the hashes won’t match and the system keeps them out.

The best part about this from a cyber security standpoint is that the system never needs to store or even know the original password. That means even if someone steals the user database, they don’t get actual passwords. They just get hashes, which are much harder to work with.

That being said, there are two issues that can arise with hashing.

Potential issue #1. Collisions

Although it's unlikely, there’s always a tiny chance that two different inputs might randomly produce the same output. That’s called a collision. The good news is that strong algorithms like SHA-256 make this extremely unlikely.

Sidenote: Older algorithms like MD5 or SHA-1 have known weaknesses and should be avoided.

Potential issue #2. Same passwords

The other issue is when you have the same hash simply because 2 users managed to use identical passwords completely by accident.

(Password123 anyone?)

As you can imagine, these would produce the same hash, and it happens more than you would think. So much so that hackers can use precomputed hash lists, known as rainbow tables, to gain access. (Basically lists of common passwords.)

The good news is that there's a solution called ‘salting’.

A salt is a random string that gets added to a password before it’s hashed, so that there's less chance of it being identical to someone else's. That way, even if two people choose the exact same password, their hashes will be completely different because the salt was different each time.

This makes password hashes much harder to reverse engineer and forces attackers to crack each hash individually, instead of all at once.

This is why most modern systems will usually generate a new, random salt for every user and store it alongside the hash. Then, when someone logs in, the system adds the same salt again before hashing the input, and checks if the result matches.
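The sign-up and login flow described above, as an added example that is not code from the original article. The table earlier names bcrypt; this sketch swaps in PBKDF2-HMAC-SHA256 from Python's standard library so it runs without extra packages. The record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune for your own hardware


def unsalted_hash(password: str) -> str:
    """The weak pattern: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Sign-up: generate a new random salt per user and store it with the hash."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login: re-hash the typed password with the stored salt and compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(derived, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = hash_password("Password123")
    bob = hash_password("Password123")
    print("unsalted equal:", unsalted_hash("Password123") == unsalted_hash("Password123"))
    print("salted equal:  ", alice == bob)
    print("correct login: ", verify_password("Password123", alice))
    print("wrong password:", verify_password("password123", alice))
```

Because the salt is stored in the record itself, nothing else is needed at login, and a precomputed table built without that exact salt does not apply to the record.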

What’s the difference between Encryption and Hashing?

So as you can see, although hashing and encryption come up in the same conversation a lot, they solve different problems in very different ways.

  • Encryption hides information. You lock it up, send it somewhere, and unlock it later with the right key. Use encryption when you need to protect data.
  • Hashing checks information. It gives you a fingerprint so you can see if anything’s changed. Use hashing when you need to verify data, and make sure you’re salting those passwords!

Now that you know the difference, go back and look at the systems you use or build. Are you encrypting what should be private? Are you hashing what needs to be verified?

Understanding where and how to use these tools is a core part of designing secure systems. Start applying them now, and you’ll be ahead of the curve.
