Sandline Discovery - Insight, Ideas and eDiscovery
Encryption, encoding and hashing are all important in ediscovery and very different, but easily mixed up because the results tend to look the similar. For the plain text, "Sandline", for example:
Encrypted hQIMAw4+IBn8uOT0ARAAw … truncated …
Encodings are a sort of language, intended to allow anyone who speaks the language to read the message. Those who speak Base 64 might understand that U2FuZGxpbmU= means "Sandline", while English readers might understand that "Sandline" means "Sandline".
Encodings are everywhere and messages are encoded on many levels. This blog article is encoded in English, which is encoded in UTF-8, which is encoded in HTML and eventually in some hardware-level protocol for display on your screen. Encodings are for exchanging data, not necessarily keeping it secret.
Hashing is entirely different. Hashing reduces a long message to a short signature that is really just a large number. The terms "hash", "checksum", "digest" and "signature" are interchangeable in this context.
Unlike encoding and encryption, hashes do not contain the message content. So, given the hash, you could not easily discover that the original data was "Sandline". You could, however, enumerate many messages until you found one with the same hash: a hash "collision".
Types of hashes are also called "hash functions" and for some it is harder to find collisions than for others. When it is hard – for precise mathematical definitions of "hard" – to find a collision, the hash function is typically considered "cryptographic", further adding to the confusion between encryption and hashing.
Written by Joe Ulfers
We just sent you an email. Please click the link in the email to confirm your subscription!