If you want to be able to retrieve the password later on then you can't hash them. You have to use one or two ciphers one on top of the other and depending on the format of your settings file (ee JSON, XML, or binary) a UUncode on the final result. Personally I use two ciphers on on top of the other. Something along the lines of
1) Get encryption password from user
2) Get Login data to be encrypted.
3) create a sault from the user name and other login data.
4) add sault to the encryption password.
5) use 3des to encrypt the login data.
6) reverse encryption password with sault.
7) use rijndael to encrypt the 3des encrypted login data.
6) UUEncode the encrypted data to convert them to string friendly format.
7) append the calculated sault to the end of the encrypted data.
Save data.
You can ignore step 6 if you do not save data in a text file but you need to add some short of length of the encrypted data to be able to read them back.
Decryption is the above steps in reverse order
1)Get encryption password
2) load data.
3) get sault from encrypted data.
4) add sault to the password
5) reverse password
6) UUDecode the data
7) decrypt data with rijndael.
reverse encryption password again.
9) decrypt data with 3des.
10) use login data.
11) zero out the memory with the unencrypted login data.