in reply to Crypt::CipherSaber replacement... Crypt::CBC?

I am also not an encryption guru. I looked at specs for the module that you are using based on RC4 and it appears that this provides pretty good security. There are a *lot* of encryption methods and I can't recommend one over another. I personally would not assume that a few years old means "bad". I think all of these robust algorithms are going to generate binary bits (including non-printable characters).

You say "what I'm most interested is that the encrypted password is comprised of a string of text, rather than a binary glob". One simple idea would be to just uuencode this binary bunch of bits so that you can store it as printable ASCII in the DB, and then uudecode it back to the binary in order to run it through the decrypt process, which will also result in ASCII. It just seems to me that you can continue to use something that you are familiar with, the new thing being storing the encrypted binary text as a uuencoded string (printable ASCII) instead of raw binary.

Just a thought from a non-security guy. I am quite sure that this discussion can get into literally mind-numbing detail. How much work you put into this has a lot to do with how important the information is and how determined the "bad guys" are at getting it. I would suspect that the pass phrase encryption algorithm is not the weakest link in the security chain.

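The encode-for-storage round trip suggested in the reply above, as an added example that is not code from the post or from Crypt::CipherSaber. The cipher step is a pure-Python CipherSaber-1 (RC4 keyed with the passphrase followed by a 10-byte IV, the IV prepended to the ciphertext) standing in for the Perl module; the function names `store_password`, `load_password`, `uuencode` and `uudecode` and the sample passphrase and secret are assumptions made for this example. The point it shows is that the cipher output is arbitrary bytes, and only the uuencode step makes it a printable string suitable for a text column.

```python
import binascii
import os
from typing import Iterator, Optional


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes for the given key (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def ciphersaber_encrypt(passphrase: bytes, plaintext: bytes,
                        iv: Optional[bytes] = None) -> bytes:
    """CipherSaber-1: RC4 keyed with passphrase||IV, IV (10 bytes) prepended."""
    iv = os.urandom(10) if iv is None else iv
    ks = rc4_keystream(passphrase + iv)
    return iv + bytes(b ^ next(ks) for b in plaintext)   # raw binary output


def ciphersaber_decrypt(passphrase: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:10], ciphertext[10:]
    ks = rc4_keystream(passphrase + iv)
    return bytes(b ^ next(ks) for b in body)


def uuencode(data: bytes) -> str:
    """Printable-ASCII form of arbitrary bytes, 45 input bytes per line.
    backtick=True avoids trailing spaces that a DB or editor might strip."""
    lines = [binascii.b2a_uu(data[i:i + 45], backtick=True).decode("ascii")
             for i in range(0, len(data), 45)]
    return "".join(lines)


def uudecode(text: str) -> bytes:
    return b"".join(binascii.a2b_uu(line) for line in text.splitlines())


def is_printable_ascii(text: str) -> bool:
    """True when every character is safe for a plain text column."""
    return all(32 <= ord(c) < 127 or c == "\n" for c in text)


# Hypothetical storage helpers: what would go into / come out of the DB column.
def store_password(passphrase: bytes, secret: bytes) -> str:
    return uuencode(ciphersaber_encrypt(passphrase, secret))


def load_password(passphrase: bytes, stored: str) -> bytes:
    return ciphersaber_decrypt(passphrase, uudecode(stored))


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    passphrase, secret = b"correct horse battery", b"hunter2"
    raw = ciphersaber_encrypt(passphrase, secret)
    stored = store_password(passphrase, secret)
    print("raw ciphertext bytes:", raw)            # binary glob, not text
    print("stored column value:", stored.strip())   # printable ASCII
    print("recovered:", load_password(passphrase, stored))
```

`base64.b64encode` / `b64decode` would serve exactly the same purpose as the uuencode pair here; either way the encoding adds no secrecy, it only changes the representation of whatever the cipher produced.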