Vista - Re:simple text encrypt / decrypt

Hi,
I have a different requirement.
i wrote a script which will contain an username and password of an FTP
server to which it will upload the data.

i want to encrypt these username and password using DPAPIs so that no one
can read them.

can anyone help in this regard?

url:http://www.ureader.com/msg/1675127.aspx

"rahulji" <rahuljiv@xxxxxx> wrote in message
news:064c21f4734641fa97b49da4a16693d4@xxxxxxThere is some good advice in that link.

If your script needs to use the actual username/password, it will need to
contain code to decrypt the encrypted values. Anyone reading this script
could take a copy, and modify it to display the unencrypted credentials
instead of using them to access the FTP server.

The only way this can be done securely (imho) is to have the operator
provide the encryption key interactively. Of course, there is not much
difference between doing it that way and having the operator provide the
actual username and password.

/Al

"rahulji" <rahuljiv@xxxxxx> schrieb im Newsbeitrag
news:064c21f4734641fa97b49da4a16693d4@xxxxxxI think it depends on what you want to achieve:
if your concern is that somebody can snif username and password from your
LAN or on the internet then maybe you need something like VPN or SFTP
if you want to prevent that somebody reads the VBS sourccode then you can :
-try to protect the VBS code with NFTS permissions
-compile the VBS to an (encrypted) .exe file (there are tools availlabe
doing this)

heinz

"Heinz" <Spacewalker4711(noSpam)@hotmail.com> wrote in message
news:uaVlOON8JHA.1488@xxxxxx"try" being the operative word here. I suspect that the OP wants people to
run this script that should not know the password, hence his post.
But, again, just how secure is that encrypted information? The executable
must contain the code required to de-crypt the encrypted portions of the
executable, so reverse engineering is possible.

/Al

"Al Dunbar" <alandrub@xxxxxx> schrieb im Newsbeitrag
news:ukFY0PO8JHA.5400@xxxxxxWell, tools like http://www.abyssmedia.com/scriptcryptor/index.shtml will
"compile" and encrypt VBS code to an .exe using Blowfish (an
industry-standard strong encryption algorithm).
The tool uses a strong random password for encrypting the .exe - and when
executed the exe decrypts itself "on the fly" (to memory, not to disk)
This should be sufficient for most users I think and it's a good option for
distributing confidential VBS sourcecode

Heinz

"Heinz" <Spacewalker4711(noSpam)@hotmail.com> wrote in message
news:#HFhzCQ8JHA.1248@xxxxxxEven SCRENC.exe is enough to confound most users, and scriptcryptor
certainly looks as if it does a better job.

I would still be concerned about using this to obscure something really
sensitive like a domain admin password, however. If the executable contains
the strong random password, the encrypted data, and the logic to use these
to do the decryption, I think there is enough there that it would fall to a
determined reverse-engineering exploit. Definitely not something the average
user is capable of, at least not until someone publishes a program that
anyone could run to do this.

/Al