Encryption vs Digest vs Encoding: Clear Differences and When to Use Each

Background

During technical discussions we often confuse three related terms: encryption , digest , and encoding . The article illustrates three typical scenarios where these terms are misused.

Q: Which encryption algorithm is used? How is the key stored? What is the decryption process? A: MD5 or SHA‑1 algorithm is mentioned, followed by further discussion.

Scenario 2: A long identifier (e.g., activity ID) needs to be visible to users but should not be easily enumerable. The question is whether it can be encrypted and then truncated.

Q: How to encrypt and truncate? A: Use an MD5 hash, take the first 32 bits, then truncate to the desired length.

Scenario 3: A field’s content is large and consumes storage; can it be encrypted and compressed, then decrypted on read?

Q: How to encrypt and compress, and how to decrypt on query? A: Various methods exist, such as using protobuf: encrypt when writing, decrypt when reading.

Terminology

Encryption

Encryption transforms cleartext into ciphertext that is unreadable without the proper decryption method. It belongs to cryptography and involves two main algorithm families:

Symmetric‑key encryption (e.g., DES) where the same key is used for encryption and decryption.

Asymmetric‑key encryption (e.g., RSA) where separate public and private keys are used.

In practice, developers often use DES or RSA variants, and the JDK Security API provides ready‑made implementations.

Digest (Hash)

A digest, also called a message‑digest or hash, is a one‑way function that maps input data to a fixed‑size output. It is irreversible and may produce collisions.

Common hash algorithms: MD5, SHA‑1, SHA‑256.

Although MD5 is considered insecure academically, it is still widely used in many systems, and Java’s security libraries offer APIs for these functions.

Encoding

Encoding converts data from one representation to another; decoding is the reverse process. It is not a security mechanism but a data‑format transformation.

Typical encoding formats: XML, JSON, Protobuf, Thrift, Hessian, Base64.

Encoding often pairs with communication protocols such as REST or RPC.

Differences and Similarities

All three processes can be viewed as information transformations: Output = F(Input1, Input2, ...), where F is the algorithm or format used.

Encryption is generally reversible, retains the original information size (linear relationship), and involves plaintext, key, and ciphertext.

Digest is irreversible, loses information, and the output length is unrelated to the input size; collisions can occur.

Encoding is reversible, preserves information size proportionally, and the output length depends on the chosen format (e.g., Protobuf is more compact than XML or JSON).

Understanding these distinctions helps avoid miscommunication, such as referring to a digest or encoding when encryption is intended.