How can I encrypt a password inside a VBscript

Posted on 2009-12-17
Last Modified: 2012-06-21
I need to include a password as part of a VBscript. I need a method of encrypting this password so it cannot be read. I have uses the Microsoft tool (screnc.exe) to change a vbs to a vbe, for encrypting a script, but that method is very easy to hack into. Does anyone have an idea for how to include a password in a script and keep it secret from some fairly sophisticated prying eyes.

Question by:bartteems
    LVL 6

    Accepted Solution

    It's a chicken and the egg problem. So the best you can do is rely on Obscurity:

    Encrypt the password in a text file.
    Your script will read that text file and decrypt the password.
    The password (clear text) won't be written any where, but than again the "key" to the encryption that can be used to fetch the password is out there in the clear...

    You can use custom ActiveX functions to encrypt the password. Examples are here:

    Good luck!
    LVL 3

    Expert Comment

    well as said this is a chicken and egg scenario,

    i can recommend you to use  "StringConverter.exe "

    you can download it from here:

    The syntax of stringconverter is: stringconverter \"NewPassword\" /encode /unicode

    To make it easier to manipulate the encrypted password, 'pipe' the output to a text file, now you can copy the encrypted password into your data file.

       1. Type: stringconverter \"NewPassword\" /encode /unicode  > cryptic.txt
       2. Type: Notepad cryptic.txt, this reveals the encrypted word IgBOAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=

    another option is displayed here:

    this has multiple options for vbscript encryption

    hope this helps
       3. Substitute that on the theUnicodePwd:: line of your .ldp file.
    LVL 10

    Expert Comment

    Note: StringConverter does not encrypt the password. It BASE 64 encodes it. reveals the encoded password.

    Both oferam and roeib provided links to

    Some of the functions described on that page will encrypt a string (for example, the "AES String Encryption" example). When you use a symmetric algorithm such as AES, the encryption key will must be shared between the system that is encrypting the string and the system that is decrypting the string. Based on your description, it sounds like you want the encrypted string and the decryption key to both appear within your script. If that's the case, no amount of obfuscation will "keep it secret from some fairly sophisticated prying eyes."

    Nevertheless, the best obfuscation that I can recommend is to split the key so that it appears in multiple places. For a description of key splitting, see

    So, for example, if you split your key into four parts and stored each part in a separate constant strings within your script, it will be harder for those "sophisticated prying eyes" to find your decryption key, but a dedicated hacker will eventually find it.
    LVL 6

    Expert Comment

    An easier method would be to use commercial product. I know this one: I think there are others that does the same idea.

    They give you API to access your password, and they keep your password encrypted and monitor who is accessing it, from which IP, when, etc...

    Author Comment

    YEs, I think task is impossible. Even though these solutions will work, they still rely on obscurity. The people that I am trying to protect from would see through this immediately. Thanks anyway for the efforts

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now