How to obscure hard coded password in code?

Question

I would like to obscure a password in my VB6 code, such that it cannot be revealed even via decompilation.

Is this possible?

Answer 1

It really depends what you will be using that password for. If you just need to check against it you could simply use a really strong password and hash it (that way it will be hard to find it out even if they use some sort of rainbow table).

But think it this way, if someone is willing to decompile your code they could perfectly crack your application by just changing that password for another one simpler that they know the hash.

In the other hand if you are trying to store a password so that you can reverse it (DB password?) and use it, I would say you are going for the wrong architecture and there is nothing you can do to safely keep a malicious user to find out your password. You should create a server side app that is not accessible by "normal users" and a client side App that will send requests to your server side app.

Answer 2

If you program has access to it in plaintext, then it's possible to somehow retrieve it. You are better off getting your security in other ways. How to do this really depends on your specific application. Do you have to store the password in your application? Can you simply store a pre-computed hash and compare against that?