I have a server app that stores an encrypted payload ($textPayload) that users encrypted on their side (the server just stores it and serves it). Users can use multiple encryption keys for different payloads ($textPayload) - the server doesn't know. I am thinking about how to implement editing.

One approach I came up with was generating a random string ($editTokenPlain) on the client, encrypting it ($editToken) with the same key and storing both $editTokenPlain and $editToken next to the sensitive encrypted payload ($textPayload). Then the user would receive the edit token ($editTokenPlain), encrypt it and send it together with the edited payload, and if the encrypted token matched the encrypted value on the server, the payload would be updated.

My question is: if I have 2 encrypted texts ($textPayload, $editToken) with the same encryption key (using AES) and 1 decrypted text $editTokenPlain - can someone derive the encryption key?

Vojtech B

1 Answer

What you're talking about is called a known plaintext attack, and any block cipher worth its salt will be resistant to it. So yes, it should be safe.

user82867
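
The edit flow described in the question, as an added Node.js example that is not part of the original post or answer. AES-256-GCM, the stored `tokenNonce` and all function names are assumptions; it shows that the server-side comparison succeeds only when the token is re-encrypted with the same key and the same nonce, because a fresh random nonce yields a different ciphertext.

```javascript
// Added example; AES-256-GCM and every name below are assumptions.
const nodeCrypto = require('node:crypto');

// Client: encrypt `plain` under `key` with an explicit 12-byte nonce.
// Returns ciphertext || auth tag as one Buffer.
function encrypt(key, nonce, plain) {
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  return Buffer.concat([c.update(plain), c.final(), c.getAuthTag()]);
}

// Client: build the record uploaded next to the encrypted payload.
function createRecord(key, payloadText) {
  const editTokenPlain = nodeCrypto.randomBytes(32);
  const tokenNonce = nodeCrypto.randomBytes(12); // used for the token only, never a payload
  const payloadNonce = nodeCrypto.randomBytes(12);
  return {
    payloadNonce,
    textPayload: encrypt(key, payloadNonce, Buffer.from(payloadText, 'utf8')),
    editTokenPlain,
    tokenNonce,
    editToken: encrypt(key, tokenNonce, editTokenPlain),
  };
}

// Server: never sees the key; compares opaque bytes in constant time.
function applyEdit(record, submittedToken, newNonce, newPayload) {
  const ok = submittedToken.length === record.editToken.length &&
    nodeCrypto.timingSafeEqual(submittedToken, record.editToken);
  if (ok) {
    record.payloadNonce = newNonce;
    record.textPayload = newPayload;
  }
  return ok;
}

// Client: re-encrypt the token handed back by the server and submit the edit.
// reuseTokenNonce = false shows the mismatch caused by a fresh nonce.
function submitEdit(key, record, newText, reuseTokenNonce = true) {
  const nonce = reuseTokenNonce ? record.tokenNonce : nodeCrypto.randomBytes(12);
  const proof = encrypt(key, nonce, record.editTokenPlain);
  const newNonce = nodeCrypto.randomBytes(12); // fresh nonce for each payload version
  const newPayload = encrypt(key, newNonce, Buffer.from(newText, 'utf8'));
  return applyEdit(record, proof, newNonce, newPayload);
}
```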