>We send a custom key to encrypt and decrypt. But, all the rest is from the CryptoStream class.

By default, the Cryptostream class uses AES (Rijndael) encryption with a key size of 256 bits. This is currently the strongest form of symmetric encryption available. According to Microsoft (see http://www.gotdotnet.com/team/clr/cryptofaq.htm), the default encryption settings in .NET are always the strongest available at the time.

James McCaffrey describes the AES algorithm in "Encrypt It: Keep Your Data Secure with the New Advanced Encryption Standard," November 2003, http://msdn.microsoft.com/msdnmag/issues/03/11/AES/. According to McCaffrey:

"The AES algorithm is based on permutations and substitutions. Permutations are rearrangements of data, and substitutions replace one unit of data with another. AES performs permutations and substitutions using several different techniques."

The RNGCyptoServiceProvider in .NET can be used to create "random" keys and initialization vectors for AES. According to Michael Stuart and J Sawyer in "Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component," November 2004: "While RNGCyptoServiceProvider is technically a pseudo-random generator, it is NIST-certified as cryptographically strong."

The Stuart and Sawyer article is available at http://msdn.microsoft.com/msdnmag/issues/04/11/CryptoUtility/default.aspx.

Good luck.