implemented ProtectedData real quick. all it does is provide static Methods to Protect() and Unprotect(). you can pass in entropy, which i will have to extend my CryptProtectData pInvoke to support. not exactly sure how to support ProtectedMemory yet ... have no clue what pInvoke the full framework is doing? or if it is available on CE? not sure how useful it is either, because it requires the memory to be in 16 byte blocks.
Rfc2898DeriveBytes was a bit tricker, but it is now working too. RSA reccommends doing 1000 iterations to generate a key ... this is a BAD idea on a PPC. it took way too long. will have to look into speeding up that code. should look into a SecureString implementation too.