I have an application which needs to store some information in a configuration file.
We decided to encrypt the information with an algorithm that is commonly used across the company.
I thought it would be best if we insert some kind of checksum validation so we can know if the file has been tampered. When I started looking at this issue, first I thought of MD5. Then I read some more and I found that some people say that collisions may happen with this algorithm, which make it less secure. Then I turned to SHA-1, but again looks like it may have flaws, since it is a variation of SHA.
Any thoughts on the way we should handle this?
Thanks and Cheers!!