Avoid importing broken or deprecated crypto packages
Production Go code should not import `crypto/md5`, `crypto/sha1`, `crypto/des`, or `crypto/rc4` for security-sensitive purposes.
#Metadata
#Why it matters
MD5 and SHA-1 are broken hash functions, DES has an obsolete key size, and RC4 has known biases; using them as cryptographic primitives degrades confidentiality and integrity.
#Remediation
Use `crypto/sha256` or `crypto/sha512` for hashing, `crypto/aes` with GCM mode for ciphers, and avoid RC4 entirely.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.weak-crypto-import.rule.yaml.