sam said:
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.
There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.
However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?
Best
Kai-Uwe Bux