
Base64 Is Not Encryption: What Every Developer Gets Wrong
I once reviewed a codebase where API keys were "secured" by encoding them in Base64 before storing them in a config file. The developer genuinely believed this was a form of encryption. It is not. Base64 is an encoding scheme, not a cipher. Anyone can decode it instantly. Understanding what Base64 actually does, and what it does not do, will save you from shipping something embarrassing.

What Base64 actually is

Base64 converts binary data into a string of ASCII characters. That is the entire purpose. It exists because many systems -- email protocols, JSON payloads, HTML data URIs, URL parameters -- were designed to handle text, not arbitrary binary data. If you try to shove raw binary through a text-based protocol, certain bytes get misinterpreted as control characters, nulls get truncated, and data gets corrupted.

Base64 solves this by mapping every 6 bits of input to one of 64 printable ASCII characters: A-Z, a-z, 0-9, +, and /. Three bytes of input (24 bits) become four Base64 chara
Continue reading on Dev.to JavaScript
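The 6-bit mapping described above, written out by hand as an added example (not code from the original post): the encoder and decoder use only the public 64-character table, so no key exists anywhere in the process. The `findReversibleSecrets` audit helper, the `sampleConfig` object and the placeholder API key are hypothetical and constructed for illustration.

```javascript
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Encode: each 3-byte group (24 bits) becomes four 6-bit indexes into ALPHABET.
function base64Encode(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const chunk = bytes.slice(i, i + 3);
    const n = (chunk[0] << 16) | ((chunk[1] || 0) << 8) | (chunk[2] || 0);
    const chars = [n >> 18, (n >> 12) & 63, (n >> 6) & 63, n & 63].map((v) => ALPHABET[v]);
    // A short final group keeps chunk.length + 1 characters and pads with "=".
    out += chars.slice(0, chunk.length + 1).join('') + '='.repeat(3 - chunk.length);
  }
  return out;
}

// Decode: the same table read backwards. No key or secret is involved.
function base64Decode(text) {
  const bytes = [];
  let buffer = 0, bits = 0;
  for (const ch of text.replace(/=+$/, '')) {
    const index = ALPHABET.indexOf(ch);
    if (index < 0) throw new Error(`not a Base64 character: ${ch}`);
    buffer = ((buffer << 6) | index) & 0xffff; // keep only the bits still needed
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((buffer >> bits) & 0xff);
    }
  }
  return Uint8Array.from(bytes);
}

// Audit helper (hypothetical): flag config strings that decode to printable ASCII.
function findReversibleSecrets(config) {
  const findings = [];
  for (const [key, value] of Object.entries(config)) {
    if (typeof value !== 'string' || value.length < 8 || value.length % 4) continue;
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(value)) continue;
    const decoded = new TextDecoder().decode(base64Decode(value));
    if (/^[\x20-\x7e]+$/.test(decoded)) findings.push({ key, decoded });
  }
  return findings;
}

// Constructed sample config; the API key is a made-up placeholder.
const sampleConfig = {
  apiKey: base64Encode(new TextEncoder().encode('sk_test_constructed_placeholder')),
  region: 'us-east-1',
};
console.log(findReversibleSecrets(sampleConfig));
```

Run under Node.js, the helper reports the `apiKey` entry with its original text recovered and skips `region`, which is not well-formed Base64.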

