gvwilson
https://buildtogether.tech/security/ -- encryption and hashing
Context: I asked two students if they would read this section. They are both fourth year students. One woman, one man. Both have experience being a team member as well as being a team mentor. (Both were excited by this text and think it would be helpful the next time they are in a project. I told them NOT to distribute it.)
Suggestion: "Identifying the difference between hashing and encryption would be something important to include. Most really don’t get it." --> Could add "make sure that passwords are stored securely, by hashing and salting them"(footnote explaining hashing+salting vs. encrypting, e.g. https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/), either to a list of suggestions or in the "authentication" section.
The important difference that often isn't given enough prominence (IMHO) is that hashes are designed to be extremely difficult to reverse (hence the need to resort to rainbow book attacks) whereas encryption is designed specifically to be reversible in the possession of the right information (the shared key for symmetric encryption, the secret key in asymmetric encryption).
Since I could find no reference to hashing and only two references to encrypting information in the current page it seems that the level of detail in your linked reference may be greater than is required for the intended audience of this work.
