
Base64 Is Not Encryption (And Other Things Developers Get Wrong)
I once reviewed a codebase that stored user passwords as Base64-encoded strings in the database. The developer who wrote it told me the passwords were "encrypted." They weren't. Base64 is an encoding scheme, not an encryption algorithm. There's no key, no secret, no security. Anyone can decode a Base64 string instantly with a single function call. It's the equivalent of writing a secret message in pig Latin and calling it a cipher.

This misconception is dangerous and surprisingly common. Let me explain what Base64 actually is, why it exists, and when you should (and shouldn't) use it.

What Base64 actually does

Base64 converts binary data into a string drawn from an alphabet of 64 printable ASCII characters. That's it. It's a way to represent arbitrary bytes using only letters (A-Z, a-z), digits (0-9), plus (+), and slash (/), with equals (=) for padding.

The algorithm works in groups of 3 bytes (24 bits). It splits those 24 bits into four 6-bit chunks, and each 6-bit chunk maps to one of the 64 characters in
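The 3-byte grouping described above, written out as an added example (not code from the original article). It shows that the mapping reverses with no key, next to a salted one-way hash for password storage. The function names, the sample password and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def b64_encode(data: bytes) -> str:
    """3 bytes (24 bits) -> four 6-bit indexes into ALPHABET."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        pad = 3 - len(group)  # 0, 1 or 2 bytes missing in the last group
        n = int.from_bytes(group + b"\x00" * pad, "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if pad:
            chars[-pad:] = "=" * pad  # mark the missing bytes with padding
        out.append("".join(chars))
    return "".join(out)

def b64_decode(text: str) -> bytes:
    """Reverse the table lookup. No key or secret is needed."""
    pad = text.count("=")
    bits = 0
    for ch in text.rstrip("="):
        bits = (bits << 6) | ALPHABET.index(ch)
    bits <<= 6 * pad  # refill the padded positions with zero bits
    nbytes = len(text) // 4 * 3
    return bits.to_bytes(nbytes, "big")[:nbytes - pad]

def hash_password(password: str, salt: bytes = b""):
    """Salted, one-way storage (assumed parameters: PBKDF2-SHA256, 600k rounds)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

if __name__ == "__main__":
    stored = b64_encode(b"hunter2!")       # constructed sample "password column"
    print(stored, "->", b64_decode(stored))  # plaintext recovered, no key used
    salt, digest = hash_password("hunter2!")
    print(verify_password("hunter2!", salt, digest))
```
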



