The word "encryption" is often used to describe the process in which plain text is converted into cipher text and later transformed back into plain text when the data is disclosed. For example, Cell-Level Encryption is the term used to describe the process in which a column of data within a table is protected by converting plain text into cipher text and then returning it to plain text through the use of a key or a series of keys.
Another example is Transparent Data Encryption (TDE), the name of a feature in SQL Server 2008 in which the plain text that is stored within a data file and transaction logs is converted into cipher text and then reverted to plain text through a series of keys prior to its use.
For the ultra-purist, the global use of the word "encryption" in this fashion is not wholly accurate. The definition of "encryption" is the process in which the plain text is converted into cipher text. The process in which a key, or series of keys, is used to convert the cipher text into plain text is "decryption".
Why does this splitting of hairs in regard to the use of the word encryption matter? The real area in which this matters is when a decision is made in regard to the method of data security that is to be applied to your database. The bi-directional approach, which uses both encryption and decryption processes, is commonly the one that comes to mind when considering encryption. There are times when encryption in general is discarded due to the key management requirements... an unfortunate situation indeed.
Consider the mono-directional approach to encryption. This approach is the hashing of plain text into cipher text without the intention of reverting the data back to plain text. In this approach key management is not required, since the cipher text is not intended to be decrypted. Searching and comparison of values are accomplished by encrypting the input with the same algorithm and then comparing the input cipher text with the stored cipher text.
In SQL Server 2005 and 2008 the HashBytes function provides us with the ability to perform the mono-directional approach to encryption. The syntax in which plain text is converted into cipher text is:
HASHBYTES('SHA1','My Plain Text')
In the example above, I chose to hash my plain text with the SHA1 algorithm. There are other algorithm options available, such as MD2, MD4, MD5, SHA and SHA1. The maximum number of bytes that are accepted in the input argument and that are returned when converted into cipher text is 8,000.
Much like implementing the Cell-Level Encryption methods, the data type of the field in which the cipher text is stored must be varbinary. For example, the cipher text of "My Plain Text" would be stored as 0x6D99DDF6FE7A32547B6766E0BF88B1F50835F0FF.
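The store-and-compare pattern described above, as an added T-SQL example that is not part of the original article. The table variable, column names and sample value are hypothetical and constructed for illustration. It also shows a comparison pitfall: HASHBYTES hashes the raw bytes of its input, so the character type of the search input must match the type that was hashed at insert time.

```sql
-- Hypothetical table for illustration; names are not from the article.
DECLARE @Account TABLE (
    AccountId         int IDENTITY(1,1) PRIMARY KEY,
    AccountNumberHash varbinary(20) NOT NULL  -- a SHA1 digest is 20 bytes
);

-- Store only the hash. The plain text (a constructed sample value) is
-- never written to the table. The input is hashed as varchar.
INSERT INTO @Account (AccountNumberHash)
SELECT HASHBYTES('SHA1', CONVERT(varchar(50), 'ACCT-0001-EXAMPLE'));

-- Search: hash the input with the same algorithm and the same data type,
-- then compare cipher text to cipher text.
DECLARE @Input varchar(50);
SET @Input = 'ACCT-0001-EXAMPLE';

SELECT AccountId
FROM @Account
WHERE AccountNumberHash = HASHBYTES('SHA1', @Input);

-- Pitfall: the same characters held in an nvarchar variable are encoded
-- as two bytes each, so their hash differs from the stored varchar hash
-- and this lookup does not find the row.
DECLARE @InputN nvarchar(50);
SET @InputN = N'ACCT-0001-EXAMPLE';

SELECT AccountId
FROM @Account
WHERE AccountNumberHash = HASHBYTES('SHA1', @InputN);

-- Fix: convert the input to the type used at insert time before hashing.
SELECT AccountId
FROM @Account
WHERE AccountNumberHash = HASHBYTES('SHA1', CONVERT(varchar(50), @InputN));
```

Settling on one data type and one algorithm for both the insert and every lookup keeps the comparison reliable across applications that call the database.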
There are vulnerabilities in all security efforts, and by nature mono-directional encryption methods are weaker than bi-directional encryption methods. The strength of bi-directional encryption is not always necessary, and its key management requirements are not always desired. The use of the HashBytes function in your data security efforts is something that should not be overlooked.