Skip to content
QuantumScanRelatório público de scan

Repositório

PostHog/posthog

Escaneado em 26 de jun. de 2026

42

Risk score/ 100

Risco moderado

Resumo

PostHog uses MD5 for hashing in production STL cryptographic utilities, which is quantum-vulnerable under Grover's algorithm (reduced to 64-bit security). JWT authentication in enterprise edition uses RS256, which will be completely broken by Shor's algorithm on quantum computers within 5–15 years. No immediate cryptographic compromise, but HNDL (Harvest Now, Decrypt Later) risk exists for any long-lived session tokens or signed artifacts.

Crítico

3

Alto

1

Médio

0

Baixo

0

Principais findings

  • CríticoCWE-328MD5

    common/hogvm/python/stl/crypto.py:22

    SHA3-256 or SHA-256

    Evidência
    digest = hashlib.md5(data.encode()).digest()
  • CríticoCWE-328MD5

    common/hogvm/python/stl/__init__.py:15

    SHA3-256 or SHA-256

    Evidência
    from .crypto import md5, sha256, sha256HmacChain
  • CríticoCWE-328MD5

    common/hogvm/python/stl/crypto.py:18

    SHA3-256 or SHA-256

    Evidência
    def md5(data: str | None, encoding: Literal["hex", "base64", "base64url", "binary"] = "hex") -> str | None:
  • AltoCWE-327JWT quantum-vulnerable algorithm

    ee/api/agentic_provisioning/test/base.py:40

    HS256 (symmetric) or post-quantum signature schemes

    Evidência
    "algorithm": "RS256",

Escaneie seu próprio repositório

Grátis. Resultados em ~90 segundos. CBOM + PDF DORA/NIS2 inclusos.

Começar scan grátis