The LeaseWebLabs.com site has a new post talking about some of their difficulties (and lessons learned) when implementing AES in PHP with mcrypt for a recent project.

The Advanced Encryption Standard (AES) is the successor of triple DES. When you need a standardized, secure, high performance symmetric cipher it seems like a good choice. Wi-Fi network traffic is encrypted with AES for instance. Also when you want to securely store data in a database or on disk you could choose AES. Many SSDs store data internally using AES encryption. PHP supports AES through “mcrypt”. On Debian based systems (like Ubuntu and Mint) you can install it using “sudo apt-get install php5-mcrypt”.

With no direct support for AES in mcrypt, they decided on Rijndael-128 instead and include some code examples of getting its key and block size. They also include an example of the dynamic typing PHP does when converting a string to an integer and the "key padding" PHP automatically does if the key length it too short. A few other problems they discovered during implementation are mentioned as well including null padding on strings and PHP's ignoring of a wrong size initialization vector (no padding, just an error).

On the Smashing Magazine site today there's a new tutorial showing you how to replace your MySQL encryption methods for AES with their PHP equivalent.

At our company, we process a lot of requests on the leading gift cards and coupons websites in the world. The senior developers had a meeting in late October to discuss working on a solution to replicate the MySQL functions of AES_ENCRYPT and AES_DECRYPT in the language of PHP. This article centers on what was produced by senior developer Derek Woods and how to use it in your own applications.

He starts with a little bit of backstory - why to even bother using encryption, what AES encryption is and why you should probably avoid using the MySQL implementation of it in your apps. PHP's mcrypt functions don't return the same hashes as their MySQL counterparts (he includes the "why" of this) and includes some quick code to replicate the MySQL behavior. He also mentions some issues with the transformation, newlines and shows the source for their completed "aes_crypt" and "aes_decrypt" functions.

From the Oracle Technology Network site today, there's this new HowTo on encrypting you data in Oracle using PHP.

A crucial but easily overlooked aspect of data storage is protecting sensitive information—from passwords, to credit cards, to social security numbers—using encryption. Thus an understanding as to what encryption techniques are available in Oracle (via a PHP interface), and how best to use them, is important for all Web developers.

In this HowTo, you'll get a brief introduction to the necessary tools, and even get some specific code, for improving the security of your data.

They look first at a little background - what is encryption and how is it usually used. Following that, the code comes out, showing you how to create the encryption functionality in the PL/SQL area and subit the data into the procedure via PHP. They show three different kinds of storage methods you can use as well - hashed, MAC, and AES encryption.

Thanks to Nexen.net for the pointer...

From the Oracle Technology Network site today, there's this new HowTo on encrypting you data in Oracle using PHP.

A crucial but easily overlooked aspect of data storage is protecting sensitive information—from passwords, to credit cards, to social security numbers—using encryption. Thus an understanding as to what encryption techniques are available in Oracle (via a PHP interface), and how best to use them, is important for all Web developers.

In this HowTo, you'll get a brief introduction to the necessary tools, and even get some specific code, for improving the security of your data.

They look first at a little background - what is encryption and how is it usually used. Following that, the code comes out, showing you how to create the encryption functionality in the PL/SQL area and subit the data into the procedure via PHP. They show three different kinds of storage methods you can use as well - hashed, MAC, and AES encryption.

Thanks to Nexen.net for the pointer...