I have a question regarding two-way encryption data for specific columns.
Does anyone have a technique or recommendation for two-way encryption which somehow obfuscates the decrypt key so that it isn't easily retrievable from the database or the application source code? We've already considered (a) letting users hold the decrypt key and (b) obfuscating the decrypt key with the user's own (one-way encrypted) password, but neither of these approaches are viable for us.
