But what does this mean? Many people don't realize the subtle difference that exists between obfuscation and encryption. In this article were going to explore that difference!
Let me first define Obfuscation and Encryption so we can level set and make sure were all on the same page.
Let’s take a moment and think about this. These seem very similar, but if you compare the action of the first to the second you see the difference immediately. Successful obfuscation makes something obscure; it does not make it impossible to see. Successful encryption on the other hand makes something impossible to see without a key.
But wait! This sounds a little like something else I have read before, called hashing and encoding.
Hashing, encoding, encryption and obfuscation are tools to achieve different outcomes, I’ll explain those quickly below:
Let’s walk through the practical side of each of these terms, once we are done here, I know you will have a complete understanding of the topic!
First, hashing is most often used to verify a file has not been changed from its original state.
Problem: How do I know that this configuration file is exactly how I left it last month?
Solution: Because you generated a hash of this config file last month, you can now generate a new hash and compare the hashes to verify the integrity of the file.
For our practical demonstration, think of encoding a lot like you would think of translating this blog post from English to Spanish. The practical application of encoding is very similar!
Problem: You created a video (file) on your phone, but the video playback app on your computer doesn't support that file format.
Solution: You encode the file into a format that is understood by the application.
*Encoding is the most common method to OBFUESCATE data/files.
Encryption is ubiquitous at this point. It’s used behind the scenes, to keep our communication confidential and to only allow those who are authorized to access our communications.
Problem: You need to send your username and password for your bank across the internet, but don't want to do so without ensuring only you or the bank have access to that data.
Solution: Your browser (or mobile app) establishes an encrypted connection to the bank's server, and inside of the encrypted connection all the data transmitted is encrypted to protect it from unauthorized access.
Obfuscation is probably the term that produces the most "what.....does it do again?" types of responses from people.
Think of obfuscation as camouflage for data. You’re obscuring the data, but not limiting access (like encryption). Why would someone want to obfuscate data? Let’s explore that with the problem below.
Problem: I am a hacker; I want to attack an organization, but I know they have deployed AV on their endpoints so if I re-use the same malware that I used a month ago the AV will probably catch it.
Solution: Because I am crafty, I encode the malware to obfuscate (camouflage) the contents of the malicious file from the AV and avoid detection.