I'm tasked with creating database tables in Oracle which contain encrypted
strings (i.e., the columns are RAW). The strings are encrypted by the application
(using AES, 128-bit key) and stored in Oracle, then later retrieved from Oracle
and decrypted (i.e., Oracle itself never sees the unencrypted strings).
I've come across this one column that will be one of two strings.
I'm worried that someone will notice and presumably figure out what
those two values to figure out the AES key.
For example, if someone sees that the column is either Ciphertext #1 or #2:
Ciphertext #1:
BF,4F,8B,FE, 60,D8,33,56, 1B,F2,35,72, 49,20,DE,C6.
Ciphertext #2:
BC,E8,54,BD, F4,B3,36,3B, DD,70,76,45, 29,28,50,07.
and knows the corresponding Plaintexts:
Plaintext #1 ("Detroit"):
44,00,65,00, 74,00,72,00, 6F,00,69,00, 74,00,00,00.
Plaintext #2 ("Chicago"):
43,00,68,00, 69,00,63,00, 61,00,67,00, 6F,00,00,00.
can he deduce that the encryption key is "Buffalo"?
42,00,75,00, 66,00,66,00, 61,00,6C,00, 6F,00,00,00.
I'm thinking that there should be only one 128-bit key
that could convert Plaintext #1 to Ciphertext #1.
Does this mean I should go to a 192-bit or 256-bit key
instead, or find some other solution?
(As an aside, here are two other
ciphertexts for the same plaintexts but with a different key.)
Ciphertext #1 A ("Detroit"):
E4,28,29,E3, 6E,C2,64,FA, A1,F4,F4,96, FC,18,4A,C5.
Ciphertext #2 A ("Chicago"):
EA,87,30,F0, AC,44,5D,ED, FD,EB,A8,79, 83,59,53,B7.
