>I seriously doubt that your client requested to have 256-bit keys yet takes no exception to your using an antiquated 56-bit algorithm for the actual encryption. This doesn't make sense. 56-bit DES is still good enough for many 'normal' applications and you can extend this to 112 bits by using triple DES, but modern algorithms like Blowfish, AES etc are better in this case and any decent crypto library should have them.
>
>You aren't trying to use raw passwords/passphrases as encryption keys, are you? If so then I recommend passing the raw password through a hash function like MD5 or SHA and folding the output of the hash function down to the required key size (although a simple left(hash, desiredKeySize) will be quite as effective). DES has certain weak keys that should be avoided so you'd get better results easier by using another crypto algorithm.
So, basically, you say that using an eight character key is good enough? The request for a 32 character key came in late Friday afternoon. I'd have to verify all that again.