I'm tasked with creating database tables in Oracle which contain encrypted strings (i.e., the columns are RAW). The strings are encrypted by the application (using AES, 128-bit key) and stored in Oracle, then later retrieved from Oracle and decrypted (i.e., Oracle itself never sees the unencrypted strings).

I've come across this one column that will be one of two strings. I'm worried that someone will notice and presumably figure out what those two values to figure out the AES key.

For example, if someone sees that the column is either Ciphertext #1 or #2:

• Ciphertext #1:
  • BF,4F,8B,FE, 60,D8,33,56, 1B,F2,35,72, 49,20,DE,C6.
• Ciphertext #2:
  • BC,E8,54,BD, F4,B3,36,3B, DD,70,76,45, 29,28,50,07.

and knows the corresponding Plaintexts:

• Plaintext #1 ("Detroit"):
  • 44,00,65,00, 74,00,72,00, 6F,00,69,00, 74,00,00,00.
• Plaintext #2 ("Chicago"):
  • 43,00,68,00, 69,00,63,00, 61,00,67,00, 6F,00,00,00.

can he deduce that the encryption key is "Buffalo"?

• 42,00,75,00, 66,00,66,00, 61,00,6C,00, 6F,00,00,00.

I'm thinking that there should be only one 128-bit key that could convert Plaintext #1 to Ciphertext #1. Does this mean I should go to a 192-bit or 256-bit key instead, or find some other solution?

(As an aside, here are two other ciphertexts for the same plaintexts but with a different key.)

• Ciphertext #1 A ("Detroit"):
  • E4,28,29,E3, 6E,C2,64,FA, A1,F4,F4,96, FC,18,4A,C5.
• Ciphertext #2 A ("Chicago"):
  • EA,87,30,F0, AC,44,5D,ED, FD,EB,A8,79, 83,59,53,B7.