Compute the AES-encryption key given the plaintext and its ciphertext?

Posted by Null Pointers etc. on Programmers See other posts from Programmers or by Null Pointers etc.
Published on 2011-03-11T01:17:07Z Indexed on 2011/03/11 8:18 UTC
Read the original article Hit count: 305

Filed under:
|

I'm tasked with creating database tables in Oracle which contain encrypted strings (i.e., the columns are RAW). The strings are encrypted by the application (using AES, 128-bit key) and stored in Oracle, then later retrieved from Oracle and decrypted (i.e., Oracle itself never sees the unencrypted strings).

I've come across this one column that will be one of two strings. I'm worried that someone will notice and presumably figure out what those two values to figure out the AES key.

For example, if someone sees that the column is either Ciphertext #1 or #2:

  • Ciphertext #1:
    • BF,4F,8B,FE, 60,D8,33,56, 1B,F2,35,72, 49,20,DE,C6.
  • Ciphertext #2:
    • BC,E8,54,BD, F4,B3,36,3B, DD,70,76,45, 29,28,50,07.

and knows the corresponding Plaintexts:

  • Plaintext #1 ("Detroit"):
    • 44,00,65,00, 74,00,72,00, 6F,00,69,00, 74,00,00,00.
  • Plaintext #2 ("Chicago"):
    • 43,00,68,00, 69,00,63,00, 61,00,67,00, 6F,00,00,00.

can he deduce that the encryption key is "Buffalo"?

  • 42,00,75,00, 66,00,66,00, 61,00,6C,00, 6F,00,00,00.

I'm thinking that there should be only one 128-bit key that could convert Plaintext #1 to Ciphertext #1. Does this mean I should go to a 192-bit or 256-bit key instead, or find some other solution?

(As an aside, here are two other ciphertexts for the same plaintexts but with a different key.)

  • Ciphertext #1 A ("Detroit"):
    • E4,28,29,E3, 6E,C2,64,FA, A1,F4,F4,96, FC,18,4A,C5.
  • Ciphertext #2 A ("Chicago"):
    • EA,87,30,F0, AC,44,5D,ED, FD,EB,A8,79, 83,59,53,B7.

© Programmers or respective owner

Related posts about database

Related posts about encryption