Public scan reportRepository
NTPsec/ntpsec
Scanned on May 22, 2026
Risk score/ 100
Moderate risk
Summary
NTPsec repository contains 29 instances of quantum-vulnerable cryptographic primitives, primarily concentrated in legacy 'attic' code. While most critical findings (DES, MD5, SHA-1) exist in deprecated testing utilities rather than production code, the presence of DSA and Ed25519 in timing tests indicates awareness of algorithms that will fail against quantum attacks. The codebase shows reliance on older OpenSSL versions lacking post-quantum readiness.
22
3
4
0
Top findings
- CriticalDES
attic/cipher-find.c:36
- CriticalSHA-1
contrib/keygone.py:33
SHA-256 or SHA3-256
- CriticalSHA-1
contrib/make-leap-seconds.py:71
SHA-256 or SHA3-256
- CriticalSHA-1
contrib/make-leap-seconds.py:73
SHA-256 or SHA3-256
- CriticalSHA-1
contrib/make-leap-seconds.py:74
SHA-256 or SHA3-256
+ 24 more findings in the full report
Scan your own repository
Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.