Effective CISSP Questions

You are evaluating cryptographic algorithms to secure your order processing. Three block-ciphers, RC6, Rijndael, and Twofish, are on the final list after the first round of evaluation. Which of the following is the least concern to select the finalist? (Source: Wentz QOTD)
A. Avalanche effect
B. Work factor
C. Key exchange
D. Confusion and diffusion

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Key exchange.

RC6, Rijndael, and Twofish are symmetric ciphers that use the same secret key to encrypt the plaintext and decrypt the ciphertext. Key exchange is not a concern of symmetric ciphers themselves. The secret key is exchanged through asymmetric algorithms, e.g., Diffie-Hellman or public-key encryption.

Avalanche Effect

In cryptography, the avalanche effect is the desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions, wherein if an input is changed slightly (for example, flipping a single bit), the output changes significantly (e.g., half the output bits flip).

Source: Wikipedia
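
The property quoted above can be measured directly. The following is an added example, not part of the original post: it flips each input bit in turn and counts how many output bits change. It uses SHA-256 from the Python standard library (the definition covers hash functions as well as block ciphers) and, for contrast, a repeating-key XOR that has no diffusion; the sample message, key and function names are constructed for illustration.

```python
import hashlib

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with bit number `index` inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor_with_key(data: bytes, key: bytes = b"constructed-key!") -> bytes:
    """Repeating-key XOR: a deliberately weak transform with no diffusion."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def avalanche_profile(transform, message: bytes) -> dict:
    """Flip each input bit in turn and record how many output bits change."""
    baseline = transform(message)
    changes = [hamming(baseline, transform(flip_bit(message, i)))
               for i in range(len(message) * 8)]
    return {
        "output_bits": len(baseline) * 8,
        "min": min(changes),
        "max": max(changes),
        "mean": sum(changes) / len(changes),
    }

# Constructed sample input (32 bytes), not taken from the page.
SAMPLE = b"order-id=1001;amount=250.00;EUR;"

if __name__ == "__main__":
    for name, fn in (("SHA-256", sha256), ("repeating-key XOR", xor_with_key)):
        p = avalanche_profile(fn, SAMPLE)
        print(f"{name:18} mean {p['mean']:.1f} of {p['output_bits']} bits "
              f"(min {p['min']}, max {p['max']})")
```

A mean close to half the output width is what the avalanche property predicts; the XOR transform changes exactly one output bit per flipped input bit, which is the behaviour a cipher evaluation should reject.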

Confusion and Diffusion

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work to thwart the application of statistics and other methods of cryptanalysis.

Source: Wikipedia

Work Factor

Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required (i.e., “work factor”, in Shannon’s terms) is beyond the ability of any adversary.

Source: Wikipedia



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

