Journalists who use the popular encryption tool TrueCrypt can relax. There is no evidence of any new or dangerous vulnerability in TrueCrypt, despite a recent scare over its integrity, CPJ reports.
Editor’s note: This post, originally titled “Journalists can safely use TrueCrypt, for now,” was updated on July 7, 2014, to reflect CPJ’s increased confidence that the recent events are a result of the TrueCrypt developers’ decision to discontinue work on the project, rather than the discovery of a new vulnerability.
An excerpt of the original June 20, 2014 CPJ Blog post, by Geoffrey King/CPJ Internet Advocacy Coordinator and Tom Lowenthal/Staff Technologist:
Journalists who use the popular encryption tool TrueCrypt can relax. There is no evidence of any new or dangerous vulnerability in TrueCrypt, despite a recent scare over its integrity.
Six weeks ago, technologist and journalist Runa Sandvik reported in Forbes about a worrying notice on TrueCrypt’s website: a warning that the software is “not secure,” with instructions to replace it. Given recent news about critical technical vulnerabilities in other security software, this unexpected posting prompted widespread concern about the status of the open-source project and the security of TrueCrypt software.
Read the full blog post on CPJ’s site.
