People often use the terms encoding, hashing and encryption interchangeably. They are not the same thing.
Understanding the distinction is important because these concepts appear everywhere in offensive security, from web applications and Active Directory to malware and command-and-control frameworks.
A popular online tool to quickly transform data is CyberChef.
Keep in mind that you should never expose sensitive real-life information in public tooling and generally must rely on alternate offline approaches (as you get better). However, it's very good for CTFs and training.
Encoding
Encoding is the process of transforming data into a different representation.
The primary goal of encoding is compatibility, not secrecy.
Anyone who understands the encoding format can immediately recover the original data without requiring a secret key.
Common examples include:
- ASCII
- Unicode (UTF-8)
- Hexadecimal
- Base64
For example, the string:
Hello
becomes:
SGVsbG8=
when Base64 encoded.
However, this does not provide security. Anyone can simply decode it and recover the original value.
A useful way to remember this is:
Encoding = Representation
This is good to transport data without breaking it as it passes through multiple parsers.
Hashing
Hashing transforms data into a fixed-size value.
The primary goal of hashing is integrity, not secrecy.
A good hash function is one-way: given the hash, we should not be able to recover the original input.
Common examples include:
- SHA-256
- SHA-1
- MD5
For example, defenders may hash a file and compare the result against a known value:
File
↓
SHA-256
↓
Hash Value
If the file changes, the hash changes.
Hashes are frequently used for:
- File integrity
- Password storage
- Malware identification
- Deduplication
- Digital signatures
MD5 and SHA-1 are considered weak for collision-resistant security. SHA-256 is a safer default for modern integrity checks.
A useful way to remember this is:
Hashing = Fingerprint
XOR Encoding
XOR occupies an interesting position.
In its simplest form, XOR is often used as a lightweight encoding or obfuscation mechanism.
For example:
Original Data
XOR
Secret Value
↓
Encoded Data
Applying the same XOR operation a second time restores the original value:
Encoded Data
XOR
Secret Value
↓
Original Data
This makes XOR extremely popular in malware, shellcode and proof-of-concept tooling because it is simple, fast and easy to implement.
However, XOR alone should generally not be considered secure encryption.
The primary purpose is usually:
- Obfuscation
- Avoiding simple signatures
- Hiding strings or payloads from casual inspection
rather than providing meaningful security.
Encryption
Encryption is the process of transforming data into an unreadable form using a secret key.
Unlike encoding, encryption is specifically designed to prevent unauthorized parties from recovering the original information.
Without the correct key, recovering the plaintext should be computationally difficult or practically impossible.
A useful way to remember this is:
Encoding = Compatibility
Hashing = Integrity
Encryption = Confidentiality
RC4
RC4 is a stream cipher that was historically very popular due to its simplicity and speed.
Conceptually:
Plaintext
+
Keystream
↓
Ciphertext
The same key is used to generate a stream of pseudo-random bytes which are combined with the plaintext.
RC4 was widely used in:
- Malware
- Legacy software
- Wireless protocols
- Early TLS implementations
Today, RC4 is considered cryptographically broken and should generally be avoided for new systems.
However, operators and reverse engineers still encounter it regularly when analyzing older software and malware.
AES
AES (Advanced Encryption Standard) is the modern industry standard for symmetric encryption.
Unlike RC4, AES operates on blocks of data and is designed to provide strong confidentiality and resistance against modern cryptographic attacks.
AES is used virtually everywhere:
- HTTPS/TLS
- VPNs
- Password managers
- Disk encryption
- Cloud services
- Modern malware
- Command-and-control frameworks
Conceptually:
Plaintext
+
AES Key
↓
Ciphertext
The encrypted data appears random and cannot be meaningfully recovered without the correct key.
Common AES key sizes include:
- AES-128
- AES-192
- AES-256
In practice, AES-256 is one of the most common choices for modern offensive and defensive tooling.