Avoid importing broken or deprecated crypto crates | Critiq Docs

#Metadata

Rule ID: rust.security.weak-crypto-import
Severity: medium
Confidence: 0.85
Languages: rust
Presets: security, strict
Stability: experimental
Applies to: block
Tags: cryptography, rules-catalog, rust, security

#Why it matters

MD5 and SHA-1 are broken hash functions, DES has an obsolete key size, and RC4 has known biases.

#Remediation

Use `sha2`, `blake3`, or `aes-gcm` for modern cryptographic primitives.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/rust/rust.security.weak-crypto-import.rule.yaml.

Back to directory Open rule in repository