Padraic Brady has a new post today mentioning both the PEAR::Encryption package and the Zend_Crypt component of the Zend Framework.

It's been a while since I did some active ZF/PEAR component development. It's been one of those 6 month periods where time to commit was a rarity for a few reasons. So now that I'm back on the road, where to?

He sets his sights on the Zend_Crypt component and details some of the encryption methods it contains - HMAC, the Diffie-Hellman Key Agreement Protocol, a hashing wrapper and proposed support for a RSA public key cryptography. He mentions that a lot of this support is already in a beta package for PEAR.

Ryan Malesevich is taking a break from his look at some handy WordPress packages to share a small series on how to move from using MD5 hashes out to SHA-1 hashes for passwords in a MySQL database. He's posted part one today.

What if you're using MD5 in your web application and want to switch over to another encryption method. It's actually not that hard and I plan to cover them in this multi-part tutorial (I know I planned on writing this months ago, but it's better late then never). In this first part I plan on going over updating the database structure and a 'pseudo-code' of what will need to be done.

As mentioned, he gives the outline (pseudo-code) of how the process will work - basically, creating an SHA1 hash of the MD5 and the username in a "newpassword" column added to your database.

Encryption can be a difficult issue to comprehend, inside of PHP or not. Thankfully, there are resources out there that can help simplify things and bring them down to where they're really useful. This new tutorial from the IBM developerWorks site today is just such a resource.

In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it means to encrypt and decrypt information, as well as some practical examples involving passwords and other data, using PHP's built-in functionality.

They start off where any good encryption article should - with a primer in cyrptography. You can't understand the advanced without a good grasp on the basic. Using this knowledge, they start to work up their form, a simple username and password validation system.

They provide all of the code you'll need to build the form, and even intorduce you to the crypt() function. A bad use of this functionality is also illustrated. Of course, encryption is only half the fun, so they also include an example of decrypting the same information.

On his blog today, Joshua Houle has posted a tutorial that looks at some simple encrpytion/decryption functions that he's whipped up for his everyday use.

Our first function is our encryption function called createsecretmessage. It takes two arguments, the message we want to encrypt and the key. The second function is the decryption function. It also takes two arguements, the encrypted message and the key.

Before he even gets into the code, he explains how the encryption portion of it works, complete with a chart representing the encryption process. Following this,the two functions are explained, each with their own code to make cut and paste simple.

DevShed has this new tutorial posted today concerning the use of text file authentication to create "private pages" in your site.

You run a website that is simple enough it doesn't require a database. But your site features certain pages to which you'd like to limit access. Most of the time, that implies using a database to store passwords and usernames. There is an easier way, however. It's less secure, but it involves a lot less coding.

They step you through the process - creating the form, making the PHP page for it to submit to, checking the password (including a bit on encryption), and validating the user's entry against it.

There's always been several PHP developers out there looking to protect the source that they so lovingly crafted. They look for alternatives to keeping it safe, but sometimes it's just not enough. In this new post on the Sjon.Blog today, he mentions some of the frustrations he's had already with exectly this.

Zend almost convinced me that their Safeguard Suite really secured your PHP scripts. Ofcourse I know that scripts need to be interpreted and executed and are therefore never 100% safe; but I expected some form of obfuscation and rewriting to prevent this. This doesn't seem to be the case though. I have had a look at PHP Obfuscator/Obscurer, but a good illustration of the quality of that script can be illustrated with a simple, readable example.

Also, obfuscating React took me almost an hour; which isn't that strange when you have had a look at the sourcecode.

As far as I've heard/seen so far, there's not really a good solution to this dilema. Sure, some are better than others, but there's still a hole there that is just waiting to be filled with an application anyone can use...

From the Oracle Technology Network site today, there's this new HowTo on encrypting you data in Oracle using PHP.

A crucial but easily overlooked aspect of data storage is protecting sensitive information'"from passwords, to credit cards, to social security numbers'"using encryption. Thus an understanding as to what encryption techniques are available in Oracle (via a PHP interface), and how best to use them, is important for all Web developers.

In this HowTo, you'll get a brief introduction to the necessary tools, and even get some specific code, for improving the security of your data.

They look first at a little background - what is encryption and how is it usually used. Following that, the code comes out, showing you how to create the encryption functionality in the PL/SQL area and subit the data into the procedure via PHP. They show three different kinds of storage methods you can use as well - hashed, MAC, and AES encryption.

Thanks to Nexen.net for the pointer...