If you are putting the app into the public domain, then I suggest that you use at least des56. The hackers out there WILL try to break your encryption, and if you use xor or bit flipping, they will break it and post the findings on a hundred hacker bulletin boards. MS has some simple envelope and password encrypt functions in their CSP that make it easy, or there are many examples out there. I bury a long password in code somewhere and use it as the password to encrypt/decrypt the envelope. Be sure to obfuscate your code, or that part where the password is hidden, to thwart decompilers. http://msdn.microsoft.com/msdnmag/issues/03/11/NETCodeObfuscation
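The point above about xor being broken, shown as an added example that is not part of the original post: with repeating-key XOR, any predictable stretch of plaintext (here a file header) hands over the key. The key, the sample document and all function names are constructed for this illustration.

```python
# Added example: why repeating-key XOR gives no protection once any
# plaintext is predictable. All values below are constructed for the demo.
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def smallest_period(stream: bytes) -> bytes:
    """Return the shortest prefix that, repeated, reproduces the stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """ciphertext XOR known plaintext = keystream; its period is the key."""
    keystream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    return smallest_period(keystream)


# Constructed sample: a data file whose first bytes are predictable.
SECRET_KEY = b"k3y!"  # hypothetical key, shorter than the known header
PLAINTEXT = b'<?xml version="1.0"?><license user="alice" seats="5"/>'
CIPHERTEXT = xor_bytes(PLAINTEXT, SECRET_KEY)
KNOWN_HEADER = b'<?xml version="1.0"?>'  # guessable from the file format alone


def demo() -> bytes:
    """Recover the key from the header, then decrypt the whole file."""
    key = recover_key(CIPHERTEXT, KNOWN_HEADER)
    return xor_bytes(CIPHERTEXT, key)


if __name__ == "__main__":
    print(demo())
```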