Implement RC4 Encryption
SQL Server 2000: Tested
SQL Server 2005: Tested
SQL Server 2008: Tested
SQL Server 2008R2: Tested
SQL Server 2012: Not Tested
Date: 23 Sep 2008
Encryption of data is a huge multi-facted and complex topic that fills entire books.
In my opinion, encryption of data, or any other data security measure, is not a one-size-fits-all technology, nor should any organisation rely on just one form of encryption or data security. Security of any kind is very much subject to a vicious cycle of invention-circumvention, and should therefore be regularly reviewed and updated. This has been the case with physical security for as long as it has existed (locks, safes etc) and will likely continue to be the case with software and data security
Security of data is never going to be absolute, and all any organisation can do is protect against the majority of criminals or criminal intent. The dedicated hacker is a hard animal to defeat, but the casual thief is much easier to thwart.
I have worked for organisations at all ends of the security spectrum, from financial to production line. Not all of them use the most leading edge methods for every piece of data as that would be prohibitively expensive and complex, but all of them used data security technology.
RC4 encryption is an older technology, whose algorithms are public knowledge, but to the casual or mildy experiences hacker, it can still be a locked door.
It is relatively simple to implement, and if the appropriate measures are taken to secure all (or part) of the encryption key, it can be effective enough.
The following code provides a function-based implementation of RC4 encryption. Key management is not covered as that is usually site-specific.