Encryption.
The reversible transformation of data into ciphertext using a cryptographic key, so the original can be recovered only by a party holding the matching key.
Encryption is reversible; hashing is not. A system that "encrypts passwords" is doing it wrong: passwords should be hashed with a slow KDF, never encrypted. The reason is operational: an attacker who obtains the encryption key gets every password back in plaintext, whereas an attacker who breaches a properly hashed database still has to crack each hash individually.
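The contrast above, as an added example that is not part of the original page: the same constructed accounts are stored once with reversible encryption and once with a salted slow KDF. The toy HMAC keystream stands in for a real cipher so the script needs only the standard library, and the PBKDF2 iteration count and all names here are assumptions.

```python
import hashlib, hmac, os

# Constructed sample accounts (not from the page).
USERS = {"alice": "correct horse battery", "bob": "hunter2", "carol": "hunter2"}

def _keystream(key, nonce, n):
    # Toy HMAC-SHA256 counter keystream: a stand-in for a real cipher, demo only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def toy_encrypt(key, password):
    nonce, data = os.urandom(16), password.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def toy_decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def hash_password(password, salt=None, iterations=600_000):
    # Slow KDF with a per-user random salt; the iteration count is an assumed setting.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_password(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def recover_all(key, encrypted_db):
    # What a leaked key yields: one decrypt call per row, every plaintext back.
    return {user: toy_decrypt(key, blob) for user, blob in encrypted_db.items()}

KEY = os.urandom(32)
ENCRYPTED_DB = {u: toy_encrypt(KEY, p) for u, p in USERS.items()}
HASHED_DB = {u: hash_password(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("encrypted store + key:", recover_all(KEY, ENCRYPTED_DB))
    # The hashed store has no inverse; the only operation is checking a guess.
    print("bob == 'hunter2'?", verify_password("hunter2", *HASHED_DB["bob"]))
    print("same password, same digest?", HASHED_DB["bob"][1] == HASHED_DB["carol"][1])
```

Because each record carries its own salt, bob and carol share a password but not a digest, so one cracked hash does not reveal the other.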
Symmetric vs asymmetric is a performance and key-management tradeoff. Symmetric is 100-1000× faster per byte but requires both parties to share the secret key, which is the hard distribution problem asymmetric crypto exists to solve. Hybrid schemes (TLS, OIDC token encryption via JWE) use asymmetric to exchange a fresh symmetric key, then encrypt the bulk traffic symmetrically.
Common questions
What is the difference between encryption and hashing?
What is the difference between symmetric and asymmetric encryption?
Are passwords encrypted or hashed?
In the guides
JWT Explained: JSON Web Tokens, JWT Authentication, and the Pitfalls
JWT (JSON Web Token) is the dominant signed-token format for authentication and API authorization. How JWT tokens are structured, how JWT authentication works in OAuth 2.0 / OIDC, which algorithms to pin, and the recurring vulnerability classes that keep biting implementers.
mTLS Explained: Mutual TLS for Service Identity and API Authentication
Mutual TLS authenticates both sides of the connection. How it works for service-to-service, where SPIFFE/SPIRE fits, and the cert-management pitfalls that bite.
Post-Quantum Cryptography for Authentication: What CIAM Teams Should Do in 2026
When post-quantum cryptography matters for authentication, what NIST has standardized, and the realistic CIAM migration path through 2030.