Encrypt Password and Username

[hardcorebadger]

Hey, I have a program that runs on a computer and connects to an SFTP server to download files. It needs to give the username and password to log in, and right now they are written out in the code. I don't want the user to be able to decomplie and see the credentials so I need to hide them somehow. I think encryption can help but I'm not familiar with how it works. Basically, I want use encrypting to get a string value that can't be seen in the code (decrypt) then login with it. Can someone please help explain some code and how I would go about doing this?

[Tolls]

So you want to encrypt the username and password?
And the key to the encryption (since you need to decrypt it) is going to be in the code?

How does that make it any more secure?

[j2me64]

So you want to encrypt the username and password?
And the key to the encryption (since you need to decrypt it) is going to be in the code?

How does that make it any more secure?

you're right. even if you use a very efficient encryption algorithm is your code the issue is how you prevent a hacker to decompile your class. you could use an obfuscator but this wouldn't make your code much more secure. so we must look for an other approach ... any ideas? is your code executed in a unix-environment?

[hardcorebadger]

could I convert the string to a byte and save the string value of the byte in a file (so that will look like a whole bunch of random characters) then use the code to read that and convert it back to the username and password?

[hardcorebadger]

Idea 2: I create some messed up strings that look unfamiliar then use code to slowly change it back to the username and password one char at a time, then putting in random stuff, deleting it out, then another of the chars, then converting it to a byte, then back, just random stuff like that and somewhere in the middle it finds the username and password, sets them to strings with random names then seemingly keeps on going with this random mess of string edits. then it logs in. After that you obfuscate, that will change all of the functions and variables even more and make it more complicated. In a way, Its a written in custom decrypt.

[Tolls]

The code that does that will be reasonably easy to find in your app.
Once it's found then it will be simple to figure out how to get the username and password out of the data in your file.

This is why webapps are quite popular.