[metadata]
id = "MSC42-C"
type = "rule"
category = "MSC"
number = 42
title = "Do not use deprecated or weak cryptographic algorithms"
description = """
Using deprecated or weak cryptographic algorithms such as DES, 3DES, RC2, RC4,
or RC5 exposes encrypted data to feasible brute-force or cryptanalytic attacks.
Programs should use modern, approved algorithms such as AES-128 or AES-256
instead. This applies to key derivation, encryption, and decryption operations.
"""
severity = "High"
likelihood = "Probable"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
last_modified = "Apr 01, 2026"
[rules.cert_c.MSC42-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MSC30-C.+Do+not+use+the+rand%28%29+function+to+generate+pseudorandom+numbers"
cwe = ["CWE-327", "CWE-328"]