← cipherwake.io
Watchlists · public scoreboards

Cipherwake Quantum Exposure Watchlists

Sector-specific and cross-sector rankings of public Decryption Blast Radius scores. Updated nightly via Certificate Transparency log mining + active TLS probes. Pick a watchlist to see who's where.

US Banks · worst
Decryption Blast Radius rankings for major US banks — measuring harvest-now-decrypt-later (HNDL) exposure. Updated nightly. Public-surface m…
US Healthcare · worst
Decryption Blast Radius scores for major US healthcare systems. PHI lifetime sensitivity makes harvest-now-decrypt-later quantification espe…
US Federal · worst
Decryption Blast Radius scores for US federal .gov domains. NIST CNSA 2.0 mandates PQC migration by 2035; these rankings measure where each …
SaaS · worst
Decryption Blast Radius scores for the SaaS platforms enterprise customers depend on. If your vendor is here, the data they hold for you inh…
Best performers
Domains with the lowest Decryption Blast Radius across 11 curated sectors. These set the ceiling for what's achievable today on the public s…
Most improved
Domains that have meaningfully reduced their Decryption Blast Radius score in the past 7 days. Updates weekly from the nightly curated peer …
Key reuse · worst
Domains where the same private key has been live across multiple cert rotations — meaning years of past sessions share a single quantum-fail…
RSA fallback
Domains that prefer ECDHE but still accept RSA key exchange — making them downgrade-attackable. Once forced to RSA, harvested ciphertext is …
Wildcard sprawl
Domains where one wildcard cert covers the most subdomains — multiplying the blast radius of any single key compromise.