wikipedia.org
1 endpoint tested · 0 hostnames found in public certificate logs · scanned Jul 14, 2026
Every endpoint we tested uses post-quantum key exchange. Traffic to wikipedia.org is safe from someone recording it now and decrypting it later.
Findings
- info
1 endpoint already negotiate post-quantum key exchange
Hybrid ML-KEM is active (X25519MLKEM768). Traffic to these endpoints is protected against retroactive decryption.
wikipedia.org
- medium
All 1 certificates use classical signature keys
Certificate keys (RSA/ECDSA) are broken by Shor's algorithm, but unlike key exchange this is not retroactively exploitable — a signature only needs to resist forgery while it is still trusted. No publicly-trusted CA issues ML-DSA certificates yet, so there is no action available today. NIST deprecates these algorithms after 2030 and disallows them after 2035.
wikipedia.org
Endpoints
| Host | Key exchange | TLS | Certificate key |
|---|---|---|---|
| wikipedia.org | X25519MLKEM768 | TLSv1.3 | ECDSA prime256v1 |
Compliance evidence
No security questionnaire asks about quantum yet. They do ask what cryptography you run and how you manage it, and most companies struggle to answer that with anything solid. A scan gives you something to point to.
CEK-04 CSA Cloud Controls Matrix | Encryption Algorithm Observed key exchange, cipher suite and certificate key algorithm for every reachable endpoint (1/1 endpoints on post-quantum key exchange). |
CEK-05 CSA Cloud Controls Matrix | Encryption Change Management Baseline of algorithms in use, so any cryptographic change is detectable against a known-good snapshot. |
CEK-07 CSA Cloud Controls Matrix | Encryption Risk Management Quantum exposure assessed per endpoint, separating retroactively-exploitable key exchange from forward-only signature risk. |
CEK-21 CSA Cloud Controls Matrix | Key Inventory Management 0 certificates and 0 hostnames enumerated from public Certificate Transparency logs. |
A.8.24 ISO/IEC 27001:2022 | Use of cryptography Documented, dated record of which cryptographic algorithms are actually deployed — the evidence this control asks for. |
Crypto Inventory US EO 14412 / OMB M-26-15 | Automated Cryptographic Inventory Machine-generated inventory of cryptographic assets, exportable as a CycloneDX CBOM. |
This is only the outside view
A scan like this sees your public endpoints. The rest of your cryptography lives in your code, your internal services, your key stores, and the software you buy from other people. If you run cryptography at the scale of a bank, an airline, or a retailer and want the full picture, or a walkthrough for your security team, get in touch.
Talk to us