Public scan reportRepository
tlsfuzzer/python-ecdsa
Scanned on May 11, 2026
Risk score/ 100
Critical risk
Summary
This repository implements ECDSA cryptographic signatures, which are fundamentally vulnerable to quantum attacks via Shor's algorithm. The library contains 143 high-severity quantum-vulnerable findings across elliptic curve implementations, plus critical usage of broken hash functions (SHA-1, MD5) that compound the security risks. Immediate migration planning to post-quantum cryptography is essential for any production deployments.
3
143
0
1
Top findings
- CriticalSHA-1
src/ecdsa/test_malformed_sigs.py:10
SHA-256 or SHA3-256
- CriticalSHA-1
src/ecdsa/rfc6979.py:50
SHA-256 or SHA3-256
- CriticalMD5
src/ecdsa/test_malformed_sigs.py:9
SHA3-256 or SHA-256
- HighEd25519 / EdDSA
speed.py:100
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA
- HighECDH / ECDHE
src/ecdsa/test_ecdh.py:24
ML-KEM (CRYSTALS-Kyber)
+ 142 more findings in the full report
Scan your own repository
Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.