One-way encryption (hashing) - What it is, why it matters, and how to use it safely

One-Way Encryption

What it is

One-way encryption is the everyday name for cryptographic hashing. It turns readable data into a fixed-length digest that cannot be turned back into the original. Even if someone knows the algorithm, they cannot reverse it without guessing the original input.

Why it matters

Hashes let services store passwords safely without keeping the actual passwords. They also help verify file integrity and detect tampering. If a database leaks, strong hashing makes stolen digests hard to use.

How it works - quick tour

  • You run data through a hash function and get a unique-looking digest.

  • Good functions are preimage resistant: given a digest, it is impractical to find an input that makes it.

  • They are collision resistant: it is impractical to find two different inputs with the same digest.

  • For passwords, sites add a salt and use slow, memory-hard hashers so attackers cannot try guesses quickly.

Good uses

  • Password storage: use Argon2, scrypt, bcrypt, or PBKDF2 with a unique salt per password.

  • Integrity checks: verify downloads with SHA-256 digests.

  • Digital signatures: hash first, then sign the hash for efficiency.

Common pitfalls

  • Using fast hashes like MD5 or plain SHA-1/SHA-256 for passwords, particularly without a salt: fast hashes let attackers try guesses quickly.

  • Reusing salts or omitting them, which makes rainbow tables effective.

  • Confusing hashing with encryption: encryption is reversible with a key, hashing is not.
