This is a topic that has been talked about quite a bit, but I think it's an important one to reiterate to our users. Encoding is not Encryption! is a specific subset of encoding where the encoded messages can only be accessed by authorized parties (the ones holding the decryption keys). Encryption is simply a way of representing data in a specific format. For example, we can encode raw binary data using the ASCII format to visually display english text. Encoding In the context of programming, pure encoding schemes offer absolutely no security. Sometimes formats like JWTs or Base64 outputs can confuse entry-level programmers because they appear encrypted... Encoding formats are only useful because they give computers and humans protocols to view and process raw binary data in a meaningful way. They aren't! To illustrate this point, try the following tools to see how easy it is to decode messages that are just encoded (not encrypted): https://jwt.io/ https://www.base64encode.org Obligatory XKCD https://xkcd.com/257/ Story Time At a job where I worked in the past, a developer who was there before me built his own encoding scheme. It would take the raw binary data contained in a message and map specific bytes sequences to certain characters. It was totally made up, and the comment he left on the code was: // Obfuscation technique. Base53 encoding for security While it may confuse an attacker for a couple minutes, this offers more potential bugs in terms of needless complexity than it does security benefits. With free and easy to use encryption libraries available in all major programming languages, there is no excuse to try to bake your own these days. obfuscation ECC, RSA, AES-256, or another secure algorithm should have been used in the situation above. Ironically, it also probably would have taken less time to implement. Security can be hard. However, take the time to use best-practices. It will save you so much time and headaches in the long run. Good luck, and stay safe out there! By Lane Wagner @wagslane Previously published at https://qvault.io/2019/08/14/stop-with-the-obfuscation-encoding-and-encryption-are-not-the-same/

Randomness and Entropy in Node and Electron

Making a Custom Select Component in Vue.js [A How-To Guide]

Learn to code on Boot.dev

Nominated for 2022 - HackerNoon Contributor of the Year - Algorithms

Nominated for 2022 - HackerNoon Contributor of the Year - Mathematics

Nominated for 2022 - HackerNoon Contributor of the Year - Cryptography

Nominated for Coding Guru of 2022

Nominated for 2022 - HackerNoon Contributor of the Year - Github

Nominated for 2022 - HackerNoon Contributor of the Year - Online Education

Nominated for 2022 - HackerNoon Contributor of the Year - Job Hunting

Nominated for Super Career Strategist of 2022

Too Long; Didn't Read

Stop With the Obfuscation: Encoding and Encryption are Not the Same

Stop With the Obfuscation: Encoding and Encryption are Not the Same

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Complete Overview of Cryptography

How to Convert Base64 Data to Files on Linux and Mac OS

How to Get Base64 Encoded Data from an HTML Image Element in JavaScript

Learn More About Data Encoding: Base64 vs Base58

102 Stories To Learn About Encryption

A Complete Overview of Cryptography

How to Convert Base64 Data to Files on Linux and Mac OS

How to Get Base64 Encoded Data from an HTML Image Element in JavaScript

Learn More About Data Encoding: Base64 vs Base58

102 Stories To Learn About Encryption

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps