CryptoToolkit is an educational tool. The cryptographic implementations are designed for learning and are explicitly not suitable for production use.
Known non-production characteristics:
- BigInt arithmetic is not constant-time (timing leaks proportional to operand size)
- Key material is not zeroized after use
- No formal verification or side-channel analysis has been performed
generateRandomPrimedraws fresh CSPRNG candidates per iteration (FIPS 186-5 §B.3.3 compliant), but uses software Miller-Rabin rather than hardware-accelerated primality testing- GHASH length encoding uses 32-bit JS bitwise operations (correct for inputs < 268MB)
If you find a correctness bug in a cryptographic implementation (wrong output for a known test vector, an attack demo that doesn't actually compute what it claims, or a security header misconfiguration):
- Open a GitHub issue — this is an educational project, not production infrastructure, so responsible disclosure timelines don't apply
- Include: what you expected, what you got, and which test vector or spec section applies
- If you have a fix, PRs are welcome
This codebase has been through 6 internal audit sweeps covering:
- FIPS 197 / SP 800-38D test vector verification (AES, GCM)
- FIPS 180-4 test vector verification (SHA-256)
- RFC 4231 test vector verification (HMAC-SHA256)
- Miller-Rabin correctness against Carmichael numbers
- CSP header verification against deployed headers
- Coolify nginx parity checks against
public/_headers,vercel.json, anddeploy/nginx.coolify.conf - Edge-transform prevention for HTML so a proxy cannot inject analytics code outside the reviewed CSP and no-tracking boundary
- CSPRNG usage audit (
Math.randombanned via ESLint) - Dependency placement audit (build tools in devDependencies)
- BigInt falsy-zero audit (
0nis falsy in JS) - Release transparency audit (SBOM, checksums, and local provenance checklist)
- Crypto-agility inventory and misuse-decision coverage (versioning, downgrade rejection, protocol ownership, PQC prioritization, and rollback)
The crypto-agility lab is design education. It does not implement post-quantum algorithms, replace browser or provider TLS, or certify a migration plan. Production migration requires supported libraries, protocol-owner coordination, interoperability evidence, staged telemetry, and an approved rollback policy.
Findings and resolutions are tracked in tasks/todo.md.