What is the difference between hashing a password and encrypting it?
The Answer
Simple differences between hashing a password and encrypting a password:
1) Hashing is a one-way function. It is irreversible: if we use a secure hash algorithm, we cannot get the original string back. The most we can do is generate what is called "a collision", that is, find a different string that produces the same hash.
Encrypting is a two-way function. It is reversible: we can decrypt the mangled string to get the original string back if we have the key.
2) An attacker who gets access to our database (and/or code) can get the original passwords by getting both the key and the encrypted text, whereas with a hash it's impossible.
3) A hashing function takes input and produces a smaller output, typically of a fixed size as well.
An encryption function takes input and produces encrypted output that is the same size or slightly larger.
It's unsafe to store passwords using an encryption algorithm: if it's easier for the user or the administrator to get the original password back from the encrypted text, it's also easier for an attacker to do the same.
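The three differences above, shown as an added example that is not part of the original answer. The function names are hypothetical, the choice of salted PBKDF2-HMAC-SHA256 as the "secure hash algorithm" is an assumption, and the cipher is a standard-library stand-in (HMAC-SHA256 in counter mode) used only so the code runs without extra packages.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """One-way: returns (salt, 32-byte digest); nothing maps the digest back."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(candidate, salt, digest):
    """Check a login attempt by re-hashing it; the original is never recovered."""
    return hmac.compare_digest(hash_password(candidate, salt)[1], digest)

def _keystream(key, nonce, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; it is not what a production system would use.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_password(password, key):
    """Two-way: returns nonce + ciphertext, slightly larger than the input."""
    nonce = os.urandom(12)
    data = password.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def decrypt_password(blob, key):
    """Anyone holding the key (admin or attacker) gets the password back."""
    nonce, ciphertext = blob[:12], blob[12:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream)).decode()

if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample input
    salt, digest = hash_password(password)
    print(len(digest), verify_password(password, salt, digest))
    key = os.urandom(32)
    blob = encrypt_password(password, key)
    print(len(blob), decrypt_password(blob, key))
```

With hashing, the database holds only the salt and digest, and login works by comparison. With encryption, the database plus the key is enough to read every stored password.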