Algorithm Deprecation & PQC Checker

Check the security status of cryptographic algorithms against NIST guidelines and post-quantum readiness.

Search algorithms

Type

Status

Algorithm	Type	Key Size	Status	PQC Safe?	NIST	Notes
AES-128	Symmetric	128 bits	Safe	Safe	Approved	Standard symmetric cipher. PQC-safe (double key size for Grover's).
AES-192	Symmetric	192 bits	Safe	Safe	Approved	Strong symmetric cipher.
AES-256	Symmetric	256 bits	Safe	Safe	Approved	Recommended for post-quantum security.
3DES / Triple DES	Symmetric	168 bits	Deprecated	N/A	Deprecated (2023)	Deprecated by NIST. Migrate to AES.
DES	Symmetric	56 bits	Broken / Unsafe	N/A	Withdrawn	Broken. Do not use.
RC4	Symmetric	Variable	Broken / Unsafe	N/A	Prohibited	Broken. Prohibited in TLS.
ChaCha20-Poly1305	Symmetric	256 bits	Safe	Safe	Approved	Modern AEAD cipher. PQC-safe.
Blowfish	Symmetric	32-448 bits	Deprecated	N/A	Not approved	Legacy. Use AES instead.
RSA-1024	Asymmetric	1024 bits	Broken / Unsafe	Broken / Unsafe	Disallowed	Too short. Factorable with current hardware.
RSA-2048	Asymmetric	2048 bits	Safe	Broken / Unsafe	Approved until 2030	Minimum acceptable. Vulnerable to quantum computers.
RSA-3072	Asymmetric	3072 bits	Safe	Broken / Unsafe	Approved	128-bit security equivalent. Still vulnerable to quantum.
RSA-4096	Asymmetric	4096 bits	Safe	Broken / Unsafe	Approved	Strong but slow. Still vulnerable to quantum.
ECDSA P-256	Asymmetric	256 bits	Safe	Broken / Unsafe	Approved	128-bit security. Vulnerable to quantum (Shor's algorithm).
ECDSA P-384	Asymmetric	384 bits	Safe	Broken / Unsafe	Approved	192-bit security. Vulnerable to quantum.
Ed25519	Asymmetric	256 bits	Safe	Broken / Unsafe	Approved	Fast EdDSA. Vulnerable to quantum.
DSA	Asymmetric	1024-3072 bits	Deprecated	Broken / Unsafe	Deprecated	Deprecated by NIST in FIPS 186-5. Use ECDSA or Ed25519.
DH-1024	Key Exchange	1024 bits	Broken / Unsafe	Broken / Unsafe	Disallowed	Vulnerable to Logjam attack.
DH-2048	Key Exchange	2048 bits	Safe	Broken / Unsafe	Approved	Minimum acceptable. Vulnerable to quantum.
ECDH P-256	Key Exchange	256 bits	Safe	Broken / Unsafe	Approved	Standard EC key exchange. Vulnerable to quantum.
X25519	Key Exchange	256 bits	Safe	Broken / Unsafe	Approved	Modern key exchange. Vulnerable to quantum.
MD5	Hash	128 bits	Broken / Unsafe	N/A	Not approved	Collision attacks demonstrated. Do not use for signatures.
SHA-1	Hash	160 bits	Deprecated	N/A	Deprecated (2030 disallowed)	Collision attacks demonstrated. Migrate to SHA-256+.
SHA-256	Hash	256 bits	Safe	Safe	Approved	Standard hash. PQC-safe.
SHA-384	Hash	384 bits	Safe	Safe	Approved	Strong hash. PQC-safe.
SHA-512	Hash	512 bits	Safe	Safe	Approved	Strong hash. PQC-safe.
SHA3-256	Hash	256 bits	Safe	Safe	Approved	Keccak-based. PQC-safe.
ML-KEM-768 (Kyber)	PQC KEM	768	Safe	Safe	FIPS 203 (2024)	NIST standard PQC key encapsulation. Recommended.
ML-DSA-65 (Dilithium)	PQC Signature	Level 3	Safe	Safe	FIPS 204 (2024)	NIST standard PQC digital signature. Recommended.
SLH-DSA (SPHINCS+)	PQC Signature	Variable	Safe	Safe	FIPS 205 (2024)	Stateless hash-based PQC signature. Conservative choice.

Algorithm Deprecation & PQC Readiness Checker

Check the security status of cryptographic algorithms against current NIST guidelines and post-quantum readiness. Algorithms are classified as Safe, Deprecated, or Broken for both classical and quantum threat models.

Key takeaways

All RSA and ECC algorithms are vulnerable to quantum computers (Shor's algorithm)
Symmetric algorithms (AES) and hash functions (SHA-2, SHA-3) are PQC-safe at current key sizes
NIST has standardized ML-KEM (Kyber) and ML-DSA (Dilithium) as PQC replacements
3DES, DES, RC4, MD5, and SHA-1 should be migrated away from immediately

Ready to Secure Your Enterprise?

Experience how our cryptographic solutions simplify, centralize, and automate identity management for your entire organization.

Request a Demo Talk to Sales