Encryption Playground

Understanding Encryption

Encryption protects data by transforming it into an unreadable format. Only those with the correct key can decrypt and read the original data. This playground demonstrates encryption concepts for protecting data in transit and at rest.

Symmetric Encryption
HTTPS / TLS
Password Hashing
Field-Level Encryption

What is Symmetric Encryption?

Uses the same key for both encryption and decryption. Fast and efficient for large amounts of data. Examples: AES, Fernet.

Key Management

The key must be kept secret and shared securely between parties. Store in environment variables or secret vaults, never in code.

When to Use

Encrypting data at rest (databases, files), session tokens, API keys stored in databases.

    # Python: Encrypt with Fernet (symmetric encryption)
    from cryptography.fernet import Fernet

    # Generate a key (do this once, store securely)
    key = Fernet.generate_key()
    cipher = Fernet(key)

    # Encrypt
    encrypted = cipher.encrypt(b"secret data")

    # Decrypt
    decrypted = cipher.decrypt(encrypted)

How HTTPS Protects Data in Transit

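1. Your Browser  -->  2. ML API Server

HTTP (Insecure):   {"password": "secret123"}
                   Anyone can read this!
vs
HTTPS (Encrypted): aGVsbG8gd29ybGQhIQ==
                   Only endpoints can read

+---------------------+----------------------+-----------+
| Aspect              | HTTP                 | HTTPS     |
+---------------------+----------------------+-----------+
| Data Encryption     | None                 | TLS 1.2+  |
| Man-in-the-Middle   | Vulnerable           | Protected |
| API Keys in Headers | Visible to attackers | Encrypted |
| Production Use      | Never                | Required  |
+---------------------+----------------------+-----------+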

TLS Handshake

Client and server exchange certificates and agree on encryption keys. This happens automatically when you use HTTPS.

Certificate Authority

Trusted third parties (Let's Encrypt, DigiCert) that verify server identity and issue SSL/TLS certificates.

In Production

Use platforms like Heroku, Vercel, or AWS that provide HTTPS automatically. Never disable SSL verification in code.

Hash a Password

Note: Real hashing uses bcrypt, argon2, or similar. This demo simulates the concept.

Why Hashing?

+------------+----------------+-----------------------------+
| Method     | Reversible?    | Use Case                    |
+------------+----------------+-----------------------------+
| Plain Text | N/A - Exposed! | Never for passwords         |
| Encryption | Yes (with key) | Data you need to read later |
| Hashing    | No             | Passwords, integrity checks |
+------------+----------------+-----------------------------+

    # Python: Hash passwords with bcrypt
    import bcrypt

    # Hash a password (during registration)
    password = b"user_password"
    salt = bcrypt.gensalt()
    hashed = bcrypt.hashpw(password, salt)

    # Verify a password (during login)
    if bcrypt.checkpw(password, hashed):
        print("Password matches!")

Database Without Field Encryption

users table:
+----+-------------------+---------------------+
| id | email             | api_token           |
+----+-------------------+---------------------+
| 1  | [email protected] | sk-abc123secret     |
| 2  | [email protected] | sk-xyz789token      |
+----+-------------------+---------------------+

If database is breached, all tokens exposed!

Database With Field Encryption

users table:
+----+-------------------+--------------------------------+
| id | email             | api_token (encrypted)          |
+----+-------------------+--------------------------------+
| 1  | [email protected] | gAAAAABh8X2K...encrypted...    |
| 2  | [email protected] | gAAAAABh8X3L...encrypted...    |
+----+-------------------+--------------------------------+

Tokens are protected even if database is breached!

    # Python: Field-level encryption for sensitive database fields
    from cryptography.fernet import Fernet
    import os

    # Load encryption key from environment (raises KeyError if it is not set)
    key = os.environ["ENCRYPTION_KEY"]
    cipher = Fernet(key)

    class User:
        def save_api_token(self, token):
            # Encrypt before storing
            self.api_token = cipher.encrypt(token.encode())
            db.save(self)  # db: the application's database layer (not shown)

        def get_api_token(self):
            # Decrypt when reading
            return cipher.decrypt(self.api_token).decode()

What to Encrypt

API tokens, credit card numbers, SSN, health data, any PII that would cause harm if exposed.

Key Rotation

Periodically change encryption keys. Re-encrypt existing data with new keys.
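
The rotation step described above, as an added example (not code from the original page): it uses MultiFernet from the same cryptography library to re-encrypt stored api_token values under a new key. The names rotate_tokens and demo, the in-memory rows dict standing in for the users table, and the sample rows are assumptions made for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def rotate_tokens(rows, new_key, old_keys):
    """Re-encrypt every stored token under new_key.

    rows: dict of user id -> Fernet token (bytes), as read from the
    api_token column. Returns (rotated_rows, failed_ids). Rows that none
    of the supplied keys can decrypt are left unchanged and reported.
    """
    # The first key in the list encrypts; every key is tried for decryption.
    ring = MultiFernet([Fernet(new_key)] + [Fernet(k) for k in old_keys])
    rotated, failed = {}, []
    for user_id, token in rows.items():
        try:
            rotated[user_id] = ring.rotate(token)
        except InvalidToken:
            rotated[user_id] = token
            failed.append(user_id)
    return rotated, failed


def demo():
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    # Constructed sample rows: two encrypted under the old key, one under
    # a key that is no longer available.
    rows = {
        1: Fernet(old_key).encrypt(b"sk-abc123secret"),
        2: Fernet(old_key).encrypt(b"sk-xyz789token"),
        3: Fernet(Fernet.generate_key()).encrypt(b"orphaned"),
    }
    rotated, failed = rotate_tokens(rows, new_key, [old_key])

    # Rotated rows must open with the new key alone.
    new_only = Fernet(new_key)
    plaintexts = {uid: new_only.decrypt(tok)
                  for uid, tok in rotated.items() if uid not in failed}

    # The old key alone must no longer open a rotated row.
    try:
        Fernet(old_key).decrypt(rotated[1])
        old_still_works = True
    except InvalidToken:
        old_still_works = False
    return plaintexts, failed, old_still_works


if __name__ == "__main__":
    print(demo())
```

Once the failed list is empty and every row has been written back, the old key can be removed from the secret store.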

Performance

Encryption adds overhead. Only encrypt fields that truly need protection, not the entire database.