Securing a password in source code?

Question

I have a password in my code which is needed to connect to a sftp server. Whats the best way to \"obfuscate\" or hide it in the code?

Thanks

Answer 1

Don't bother.
Anything you can do, your attacker can trivially undo.

If it only needs to run on a single machine, however, you can use the ProtectedData class, which will protect it securely against anyone not on that machine and/or user.

In general, the only remotely secure way to do this is to store the key in a separate, secure, location.
For example, you can encrypt it using a (non-MD5) hash of a password, then require the user to enter the password so that you can get the hash. (The hash and password themselves would not be stored anywhere; you should make a separate hash to verify the password)