Anthony,

When I am developing on MS Platforms I usually use dlls or web classes to 
encrypt cookies/session/application variables. I would suggest you do the 
same. If you are interested I have developed a dll makes use of the NSA's 
declassified (c. 1998) Skipjack 2.0 encryption method. You could also use 
Microsoft's crypto API. Personally, I think the crypto API is a wee bit to 
simple, not to mention insecure. If MS doesn't publish the source code 
with the API, how can we really be sure they haven't written in 
a 'backdoor'? If you are interested in the dll, just tell me and I can 
provide you with the code.

Regards,

Brandon

> Hi all,
> 
> really need help...
> how to implement encrypted cookies? is there any object available?
> or should I write my own object, COM? Java has security packages
> which implement message digest, RSA etc. how about ASP?? I'm very
> upset.
> 
> Thanks a lot,