You’ve definitely used both terms, but many devs blur the line. Let’s make it crystal clear.
🔐 Encryption
- Purpose: To securely transmit or store data so it can be later decrypted.
- Reversible? ✅ Yes — if you have the key.
- Use cases:
  - Sending data over HTTPS
  - Encrypting local database/files
  - End-to-end encrypted messages (e.g., Signal)
- Example: AES, RSA, ECC
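```kotlin
import javax.crypto.Cipher
import javax.crypto.KeyGenerator

// Symmetric encryption idea: AES-GCM with a freshly generated 256-bit key
val secretKey = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
// A bare "AES" resolves to the provider default, which is ECB on the JDK and Android, so name the mode
val cipher = Cipher.getInstance("AES/GCM/NoPadding")
cipher.init(Cipher.ENCRYPT_MODE, secretKey) // a random IV is generated when none is supplied
val iv = cipher.iv // keep it with the ciphertext; decryption needs it
val encrypted = cipher.doFinal("SensitiveData".toByteArray())
```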
🧠 Hashing
- Purpose: To verify integrity or store something in a non-reversible way.
- Reversible? ❌ No — one-way function.
- Use cases:
  - Password storage (store only the hash!)
  - Data integrity checks (e.g., file SHA256)
  - Hash maps (for fast lookup)
- Example: SHA-256, MD5 (bad!), bcrypt, scrypt, Argon2
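```kotlin
import java.security.MessageDigest

// Hashing idea: a one-way digest (stored passwords need a salted, slow hash such as bcrypt instead)
val md = MessageDigest.getInstance("SHA-256")
val hash = md.digest("MySecretPassword".toByteArray())
```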
🔒 Why It Matters for Android Devs
- Never store passwords using encryption — use hashing with salt and key stretching (like bcrypt).
- If your app uses JWT, remember: the signature is a keyed hash (HMAC) or an RSA signature over a hash, not encryption. It protects integrity only, and the payload stays readable to anyone who holds the token.
- Misusing encryption or hashing leads to severe security holes, even if you’re “using crypto.”