Open dataset
What's actually in production code
Aggregate, anonymized findings across every public repository QuantumScan has scanned. No source code, repo names, or user data — counts and stats only, refreshed weekly by our learning agent.
82
Repositories scanned
148
Scans completed
2,545
Findings recorded
Most common quantum-vulnerable algorithms
Ranked by total occurrences across all scanned repos.
| Algorithm | Occurrences | Repos affected | Priority | Suggested action |
|---|---|---|---|---|
| ECDSA | 807 | 70 | high | Migrate to EdDSA (Ed25519) or ECDSA with SHA-256; audit nonce generation |
| Ed25519 / EdDSA | 454 | 70 | high | Standardize deployment; verify constant-time implementations in Java/Python bindings |
| RSA | 437 | 70 | high | Enforce minimum 4096-bit keys; plan ML-KEM-768 migration for post-quantum readiness |
| ECDH / ECDHE | 356 | 70 | high | Upgrade to X25519/X448 or ML-KEM-768; enforce PFS in TLS handshakes |
| Elliptic Curve Cryptography | 347 | 70 | high | Transition to post-quantum alternatives (ML-KEM-768) for long-term security |
| DSA | 322 | 70 | high | Replace with Ed25519 or ECDSA immediately; phase out from all systems |
| SHA-1 | 262 | 70 | high | Replace with SHA-256 or SHA-3; deprecate in all TLS/signature contexts |
| X25519 / Curve25519 | 221 | 70 | high | Standardize as default ECDH; validate constant-time properties in all implementations |
| AES-128 | 156 | 70 | high | Upgrade to AES-256 for cryptographic agility; ensure authenticated encryption (AES-GCM) |
| secp256k1 (Bitcoin curve) | 144 | 70 | high | Validate implementation against libsecp256k1; monitor for quantum threat implications |
Average risk score by repository category
Lower is better. Categories are inferred from repo name and primary language.
general
3253 repos
blockchain
446 repos
ssh-client
586 repos
crypto-lib
706 repos
http-client
376 repos
web-framework
83 repos
auth
781 repos
infra
731 repos
Released under CC0 — use it freely, attribution appreciated.