Skip to content
QuantumScanPublic scan report

Repository

golang/crypto

Scanned on Jun 4, 2026

78

Risk score/ 100

High risk

Summary

The golang/crypto repository contains widespread use of quantum-vulnerable cryptographic algorithms across 58 files with 315 total findings. Critical issues include broken algorithms (MD5, SHA-1) in 60 instances and quantum-vulnerable primitives (ECDSA, RSA, ECDH) in 234 instances. Immediate migration to NIST-approved post-quantum algorithms is required for compliance with emerging regulations.

Critical

60

High

140

Medium

0

Low

0

Top findings

  • CriticalMD5

    ocsp/ocsp_test.go:249

    SHA3-256 or SHA-256

  • CriticalMD5

    ocsp/ocsp_test.go:252

    SHA3-256 or SHA-256

  • CriticalSHA-1

    ocsp/ocsp_test.go:260

    SHA-256 or SHA3-256

  • CriticalSHA-1

    openpgp/clearsign/clearsign_test.go:256

    SHA-256 or SHA3-256

  • CriticalMD5

    openpgp/s2k/s2k.go:239

    SHA3-256 or SHA-256

+ 195 more findings in the full report

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan