mask password string

Question

I'm creating a C# windows forms app that logs me in to my servers with a single click using MSTSC. I have my admin name and password in the code in plain text and wondered is there a way to mask/hide the password? I store my code in my Dropbox and would prefer it wasn't readable.

    private void RunAsAdmin(string server)
    {
        Process rdcProcess = new Process();
        rdcProcess.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\cmdkey.exe");
        rdcProcess.StartInfo.Arguments = "/generic:TERMSRV/192.168.0.217 /user:" + "Administrator" + " /pass:" + "myPassword";
        rdcProcess.Start();

This is wrong on so many levels :( Welcome to stackoverflow anyway, have a look at the [FAQ](http://stackoverflow.com/help/how-to-ask) — aggsol, Dec 02 '14 at 09:53
possible duplicate of [Securing a password in source code?](http://stackoverflow.com/questions/4155187/securing-a-password-in-source-code) — Emre Acar, Dec 02 '14 at 09:54
It is possible to mask it, but practically impossible to hide it. To mask, you can use the cryptographic functions, but somewhere you will have to store the decryption key as well. In general, it is a very bad idea to store passwords in source code. — Sjips, Dec 02 '14 at 09:55
Thanks, looks like putting the PW in the code is not the way to do it. I'll rethink the whole. Thanks again — Nikewatch, Dec 02 '14 at 09:59

score 0 · Accepted Answer · answered Dec 02 '14 at 10:02

Use this function to encrypt and decrypt the password.

 Public Function ConvertPassword(ByVal sPassword As String)
        Dim sTempChar As String
        Dim iCount As Integer

        For iCount = 1 To Len(sPassword)
            If Asc(Mid$(sPassword, iCount, 1)) < 128 Then
                sTempChar = CType(Asc(Mid$(sPassword, iCount, 1)) + 128, String)
            ElseIf Asc(Mid$(sPassword, iCount, 1)) > 128 Then
                sTempChar = CType(Asc(Mid$(sPassword, iCount, 1)) - 128, String)
            End If

            Mid$(sPassword, iCount, 1) = Chr(CType(sTempChar, Integer))
        Next iCount

        Return sPassword
    End Function

Hi Kumar. I got this to work using your code as a guide. Thanks again — Nikewatch, Dec 12 '14 at 10:20

score 0 · Answer 2 · answered Dec 02 '14 at 18:54

0

I would agree that storing the password in the file is a bad idea. What I've done on occasion is to base64 encode it. I realize that it is VERY insecure but I am only trying to prevent a casual reader from seeing the password.

answered Dec 02 '14 at 18:54

gstar

146
3
6

score 0 · Answer 3 · answered May 19 '15 at 12:16

0

As part of the answer you can mask the password by setting the following property in e.g. an windows forms textbox:

TextBox.UseSystemPasswordChar = true;

answered May 19 '15 at 12:16

Naha

506
6
14

mask password string

3 Answers3

Linked