QuantumScan

google/boringssl

risk score

1 findings · 30 files scanned

Google's BoringSSL repository contains RC4 implementation in a 'decrepit' directory, intentionally isolated for legacy compatibility. The context indicates this is a maintained legacy cryptographic primitive with clear deprecation signaling, posing minimal active risk as it appears separated from production cryptographic operations.

Recent findings

File	Algorithm	Severity
decrepit/rc4/rc4_decrepit.cc:18	RC4 / ARCFOUR	critical

Exposure by language

Other1 · 100%

Compliance mapping

DORA

NIS2

Partial

NIST PQC

Exports for compliance

Share read-only link

Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.

https://quantumscan.io/en/share/f8ab920f-ba0c-4d05-92d3-a8514457bd1a

Add a badge to your README

Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.

Preview

Markdown

[![Post-Quantum Readiness](https://quantumscan.io/api/badge/google/boringssl.svg)](https://github.com/google/boringssl)

HTML

<a href="https://github.com/google/boringssl"><img src="https://quantumscan.io/api/badge/google/boringssl.svg" alt="Post-Quantum Readiness" /></a>

Add badge to your README

Show your quantum-safety score directly on GitHub.

[![QuantumScan](https://quantumscan.io/api/badge/google/boringssl.svg)](https://quantumscan.io/en/scan/f8ab920f-ba0c-4d05-92d3-a8514457bd1a)

Save your results & track future changes

Create a free account to get drift alerts, compliance PDF exports, and scan history.

Weekly drift alerts when new vulnerabilities appear
Track risk score over time across all your repos
Export DORA / NIS2 compliance PDF for auditors

Create free account →Sign in

Free forever for design partners · No credit card