Effective CISSP Questions

On August 20, 1998, NIST announced a group of fifteen AES candidate algorithms at the First AES Candidate Conference (AES1) and selected five algorithms from the fifteen as “AES finalists in Round 2 (AES2). Which of the following is not one of the five AES finalists? (Wentz QOTD)
B. RC6
C. Serpent
D. Blowfish

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Blowfish.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Standard overview of AES algorithm
Standard overview of AES algorithm (Credit: UmerFarooq et al.)

Twofish is one of the five AES finalists, not Blowfish.

NIST held two conferences to discuss the submissions (AES1, August 1998 and AES2, March 1999), and in August 1999 they announced that they were narrowing the field from fifteen to five: MARS, RC6, Rijndael, Serpent, and Twofish. All five algorithms, commonly referred to as “AES finalists”, were designed by cryptographers considered well-known and respected in the community. The AES2 conference votes were as follows:

Rijndael: 86 positive, 10 negative
Serpent: 59 positive, 7 negative
Twofish: 31 positive, 21 negative
RC6: 23 positive, 37 negative
MARS: 13 positive, 84 negative

On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES and started the process of making it the official standard by publishing an announcement in the Federal Register on February 28, 2001 for the draft FIPS to solicit comments. On November 26, 2001, NIST announced that AES was approved as FIPS PUB 197.

NIST won praises from the cryptographic community for the openness and care with which they ran the standards process. Bruce Schneier, one of the authors of the losing Twofish algorithm, wrote after the competition was over that “I have nothing but good things to say about NIST and the AES process.”

Source: Wikipedia


1998 年 8 月 20 日,NIST 在第一屆 AES 候選會議 (AES1) 上公佈了一組 15 種 AES 候選算法,並從 15 種算法中選出了 5 種算法作為“第 2 輪 (AES2) 的 AES 決賽入圍者。以下哪項不是 五位 AES 決賽候選算法? (Wentz QOTD)
B. RC6
C. Serpent
D. Blowfish

Leave a Reply