It is highly advised for ASP.Net to only use Microsoft's encryption classes and avoid embedding anything within your code, since as they claim, code dll's can be reverse assembled by an intruder and embedded secrets can be found. However, if reverse assembly can happen, then an intruder, who surely knows Microsoft's encryption classes, can find in the code what class is being used and duplicate the process. The code will also reveal where your keys can be found and how they may be encrypted. So where is the security?