Just as an aside ... that article announces the upcoming arrival of the ProtectedData <http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata(v=vs.100).aspx> class in 'Whidbey' (remember that?) which makes scrambling with the user or machine key trivially easy. I forgot that class existed until I noticed it mentioned in chapter 21 of C# in a Nutshell.
I actually used the class last week to encrypt some strings with the machine key to put in a db table, then the next day I realised my code was worthless. Sure I made the strings unreadable, but any account on the box can run one line of code and show the original strings, so there is no real security at all. Then if the db is taken to a different machine the encrypted strings are gibberish. I think the lesson here is don't use encryption unless you have the whole "big picture" worked out. Although, it is fun to encrypt things just for the hell of it.

Based upon what Shawn says in the article, if I encrypt my own data with ProtectedData and the user key, then later change my password, does the data become un-decryptable?

Greg K
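
The scope trade-off described in the post above, as an added example that is not part of the original message: the same string protected with the machine key and with the user key plus an entropy value. The class name, helper names, entropy string and sample value are assumptions made for illustration.

```csharp
// Added example. Windows only; reference System.Security.dll (.NET Framework)
// or the System.Security.Cryptography.ProtectedData package.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiScopeDemo
{
    // Hypothetical per-application entropy. A caller that does not supply the
    // same bytes cannot unprotect the blob. It is not a secret store: anyone
    // who can read the application binary or config can read this value.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("example-app/db-strings/v1");

    static byte[] Protect(string plaintext, DataProtectionScope scope, byte[] entropy)
    {
        return ProtectedData.Protect(Encoding.UTF8.GetBytes(plaintext), entropy, scope);
    }

    // Returns null instead of throwing when the blob cannot be decrypted
    // (wrong entropy, different user profile, or different machine).
    static string TryUnprotect(byte[] blob, DataProtectionScope scope, byte[] entropy)
    {
        try
        {
            return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, entropy, scope));
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    static void Main()
    {
        const string secret = "constructed sample value";

        // LocalMachine with no entropy: any account on this computer can unprotect it.
        byte[] machineBlob = Protect(secret, DataProtectionScope.LocalMachine, null);
        Console.WriteLine("machine scope: " + TryUnprotect(machineBlob, DataProtectionScope.LocalMachine, null));

        // CurrentUser with entropy: tied to this user's profile and to the entropy bytes.
        byte[] userBlob = Protect(secret, DataProtectionScope.CurrentUser, AppEntropy);
        Console.WriteLine("user scope, same entropy: " + TryUnprotect(userBlob, DataProtectionScope.CurrentUser, AppEntropy));
        Console.WriteLine("user scope, no entropy: " + (TryUnprotect(userBlob, DataProtectionScope.CurrentUser, null) ?? "<failed>"));
    }
}
```

Neither scope makes the blob portable: a row copied to another machine comes back as null from TryUnprotect, so data that must move with the database needs a key managed outside DPAPI.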
