Configuration files containing ciphers should have the strictest possible permissions (e.g., Use Non-Reversible Hashing:

If a password has been hashed using MD5 or SHA (which is standard for local user login passwords), This is because hashing is a one-way function. You can turn "Password123" into a hash, but you cannot turn the hash back into "Password123."

To most, it was gibberish. To Elias, it was a puzzle waiting to be solved. The Cipher’s Secret

For V1 ciphers, the community has reverse-engineered the XOR key. A typical Python script looks like this (simplified version):