security - PHP Source Encryption - Effectiveness and Disadvantages

Question

I have some PHP source code that I'm hosting with hosting company XYZ. I'm using a PHP encryption software like Zend Guard or ionCube to protect the source from being viewed by anyone (sysadmin or hacker that hacks the sysadmin).

• How easy/hard is it for someone who has full access to the system (like the sysadmin or hacker that hacks the sysadmin) to decrypt the source? I don't know how encryption software work, but I'm assuming they use some key, which would have to stay on the server and is therefore accessible to a sysadmin or a hacker. If you're technically-knowledgeable about the how-to, don't hesitate to offer an explanation in your answer.

• Does the use of such source encryption slow down the site? If anyone has first-hand experience or knows from someone that has first-hand experience ;)

I'm interested in the technical aspects of this, how effective encryption is.. and its disadvantages, from those who used them or considered using them

Thanks (all helpful answers/comments are up voted)

Edit: the answers so far seem to be ignoring what I'm trying to understand.. I'm trying to understand the effectiveness of encryption. I don't really have any code that needs protection from the bad guys, the above was just an example, so advice like open source it or hire a lawyer don't really address my technical curiosity.. A+ to anyone who gets the point

Answer 1

Neither Zend Guard nor ionCube uses encryption, in it's mathematical sense, to protect your code. What they do, except the obfuscation already described by other answers, is encoding.

This is a process that's normally done automatically by the PHP interpreter each time your script is accessed - your PHP script is compiled into a bytecode format, that's then executed. What encoders like Zend Guard and ionCube essentially does is an equivalent process, only that it's done once, and then only the "compiled" bytecode is made available/uploaded to the server.

This means that actually recreating the very same code that you once wrote is entirely impossible. What is not impossible, and this goes for obfuscation as well, is reverse-engineering the compiled or obfuscated code to figure out what it's doing.

To summarize, I'd say that these products are very good at protecting your code - as opposed to protecting your logic.