This course looks at how encryption works in Microsoft and Azure.
Learning Objectives
- What encryption is and the types of encryption
- What hashing is and how it differs from encryption
- How Microsoft and Azure encrypt data
Intended Audience
- Users looking to learn about encryption, hashing, and how Azure encrypts data
- Users preparing for the SC-900 certification
Prerequisites
- A basic familiarity with Microsoft and Azure
To quote Microsoft, encryption is defined as the process of making data unreadable and unusable to unauthorized viewers. But what does this mean, and how does encryption complete this task? Simply put, it encrypts data so that it's unreadable without a key. Think of it like a code that you cannot decipher without a special key that tells you how to do so. Now, there are two types of encryption: symmetric encryption and asymmetric encryption. Both encrypt data in a similar fashion; however, one very large difference separates them. Symmetric encryption uses a special key to encrypt the data. Once the data is encrypted, that same key is used to decrypt it. Asymmetric encryption works very similarly, only it requires a pair of keys rather than a single key like symmetric encryption. This pair of keys consists of a public key and a private key. Asymmetric encryption can use either of these keys to encrypt the data; however, it needs the paired key to decrypt the data. For example, if the public key was used to encrypt data, then the private key would be used to decrypt the data. As long as you remember that asymmetric encryption involves two parts of a whole, it's relatively easy to remember the differences between symmetric and asymmetric.
Now, hashing is a bit different from encryption, as it doesn't rely on keys; rather, it relies on an algorithm. This algorithm converts text to a unique fixed-length value, and this unique value is what's known as a hash. That hash is then associated with the data inputted into the algorithm and can be used as an identifier for that data. It is worth noting that if you enter the same text into the same algorithm, you will always get the same unique value, as is the nature of algorithms. Now, hashing is generally used to store passwords. Simply put, rather than comparing the actual password to the stored password, the system compares the hash of the entered password to the stored hash of the password. So, when someone enters a password, the algorithm creates a hash of that password, which is then compared to the stored hash version of the password. However, due to the nature of algorithms, it's not impossible for hackers to brute force a hash. This is where another level of security, known as salting, comes into play. Salting is the process of adding additional values to the end of entered passwords to change the hash value produced by the entered password. This guarantees a unique output and adds another layer of security on top of traditional hashing.
Now that we understand the basics of encryption and hashing, let's quickly touch on data itself, as it will provide important context for our next lecture. Azure encrypts data differently depending upon the state of that data. Specifically, data can be at rest, in transit, or in use. Data at rest is simply stored data that is not currently being accessed or used. Think of this as data saved on your hard drive that you aren't currently accessing: the data is saved on the hard drive, but since it's not currently being used, it is considered at rest. Data in transit is data currently being transferred between locations over a network. In its simplest form, think of it like an email. The email is data being transferred or sent to another location. Finally, we have data in use, which is simply data that's currently being updated or accessed. Simply put, this is data that is active and is stored in a non-persistent state, like in RAM or the CPU cache. Data at rest may be encrypted with symmetric encryption, while data in transit tends to utilize asymmetric encryption. Depending on the state of your data, the encryption may vary, which is why it's important to understand this before moving into the next steps. For more information on the process of encryption and the types of data, I have linked related documentation in the transcript for you to review.
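The hashing and salting flow described in the lecture, as an added example that is not part of the course material: two identical passwords produce the same hash without a salt and different hashes with a per-user random salt, and login compares hashes rather than passwords. PBKDF2-HMAC-SHA256 is used here in place of a single plain hash; the function names, sample password and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same input always gives the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Hash a new password with a fresh random salt; store salt and hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Re-hash the entered password with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample: two users who picked the same password.
    alice = create_record("Summer2024!")
    bob = create_record("Summer2024!")
    return {
        "unsalted_equal": unsalted_hash("Summer2024!") == unsalted_hash("Summer2024!"),
        "salted_equal": alice["hash"] == bob["hash"],
        "correct_login": verify("Summer2024!", alice),
        "wrong_login": verify("summer2024!", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the salt is stored next to the hash, verification can always recompute the same value for the right password, while a precomputed table of unsalted hashes no longer matches any stored record.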
Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once COVID hit, he moved into a customer training role with the goal of getting as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.