QuantumScan: Public scan report

Repository

FiloSottile/mkcert

Scanned on Jun 5, 2026

Risk score: 78 / 100 (High risk)

Summary

The mkcert repository uses quantum-vulnerable cryptographic algorithms including RSA-2048, ECDSA P-256, and the deprecated SHA-1 hash function. These cryptographic choices expose certificate generation to both current security risks (SHA-1 collisions) and future quantum computing threats, requiring migration to post-quantum cryptography standards.

  • Critical: 4

  • High: 12

  • Medium: 0

  • Low: 0

Top findings

  • Critical: SHA-1

    truststore_java.go:9

    SHA-256 or SHA3-256

  • Critical: SHA-1

    truststore_java.go:77

    SHA-256 or SHA3-256

  • Critical: RSA key ≤ 2048 bits

    cert.go:173

  • Critical: SHA-1

    cert.go:13

    SHA-256 or SHA3-256

  • High: ECDSA

    cert.go:167

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

+ 11 more findings in the full report
