Is my website quantum-safe?

Almost every website on the internet uses RSA or ECDSA for its TLS certificate — and both are breakable by a sufficiently large quantum computer. Here's what that means for you, and how to check your own site in seconds.

Why RSA and ECDSA aren't quantum-safe

The security of RSA rests on factoring large numbers being hard; ECDSA rests on the elliptic-curve discrete-log problem. In 1994, Peter Shor showed a quantum computer can solve both efficiently. A large, fault-tolerant quantum computer would therefore recover the private key from a public key — forging signatures and decrypting sessions. Such a machine doesn't exist publicly yet, but serious estimates put it within the lifetime of data you're protecting today.

"Harvest now, decrypt later" (HNDL)

You don't need the quantum computer to exist today to be at risk today. An adversary can record your encrypted traffic now and simply wait. When quantum hardware matures, they decrypt the archive. Anything that must remain confidential for 5–15 years — health, financial, government, IP — is already exposed to this strategy.

How to check your site

A quantum-readiness scan fetches your live TLS certificate and grades its cryptography:

  1. Enter your domain above (or in the Quantum Scan tab).
  2. Get a letter grade (A+ for post-quantum, down to F for broken classical).
  3. See your key algorithm, HNDL risk level, and a concrete migration recommendation.

What to do about it

Scan any domain now →

Related guides

Post-quantum cryptography for TLS RSA vs ECDSA vs Ed25519 vs ML-DSA How to generate a CSR