• Hi Brian,

    For some reason I'm not receiving emails from my threads here anymore (need to check my settings I guess), so I didn't see this one until just now. I've actually written an article on SQL 2005 encryption that talks about the ANSI X9.17 standard and how SQL 2005's encryption parallels its key security model. SQL 2005 has the ability to take a password/passphrase and "mangle" it using hash functions and a bunch of bit level manipulations to generate keys that are quite un-reverse-engineerable.

    Generating your own encryption keys is a heckuva subject to get into, though. Random number generation functions in most computer languages aren't considered to be up to the task of generating encryption keys, and to do the job right you'd need some specialized software or hardware. I've done some work in the area with various algorithms - one of my favorites is the "Twister" random number generation algorithm, because it is simple and does a decent job (it was created by professional statisticians). I believe Schneier points out in his book, though, that if you want true random numbers you really have to hook your computer up to some sort of subatomic particle detection device and rely on Heisenberg's uncertainty principle to do the rest.

    If I have time one day I'll pull together information on some of these approaches and maybe put together some sample key generation code as well.

    Thanks!