
Does knowing one encrypted character open up a security flaw?


One of the columns in a table in my API's database is an encrypted text formed of two pieces of information concatenated with a given delimiter, let's say a colon. The second piece of information is always, say, 12 characters long.

Does knowing this information open up a security flaw and potentially allow attackers to decrypt the information should they get a hold of it?

The information is encrypted using the PHP method openssl_encrypt() and with the 'aes-128-gcm' cipher.


Solution

  • What you're talking about is known in the literature as a partially known-plaintext attack (partial-KPA).

    The information is encrypted using the PHP method openssl_encrypt() and with the 'aes-128-gcm' cipher.

    AES-GCM combines AES-CTR with GHASH (a polynomial MAC over GF(2^128)).

    Answering your question further requires delving a bit deeper into the cryptography weeds, but generally:

    • AES is considered a secure block cipher.
    • CTR mode turns a block cipher into a stream cipher.
    • Stream cipher encryption is conceptually equivalent to One-Time Pads, except the keystream is generated from the key and nonce, and thus can only have a finite (in this case, 128-bit) security level.

    One of the columns in a table in my API's database is an encrypted text formed of two pieces of information concatenated with a given delimiter, let's say a colon. The second piece of information is always, say, 12 characters long.

    The only thing you can infer from an AES-GCM ciphertext is the length of the plaintext.

    In order to be able to infer the remainder of the keystream from one byte of ciphertext (and a corresponding known plaintext for that byte), AES would need to be a very insecure block cipher. Since we know (thanks to roughly 21 years of cryptanalysis effort) that AES is a secure block cipher, and AES-GCM is a secure authenticated cipher mode, partial-KPAs are not a concern for this construction.
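
The behaviour described in the answer, checked with PHP's openssl_encrypt() as an added example (not code from the original post or answer). The key, the two sample records and the helper names encryptRecord, decryptRecord and report are constructed for illustration, and each record is assumed to be encrypted with a fresh random 12-byte nonce.

```php
<?php
// Added illustration; key, records and helper names are constructed for this example.

function encryptRecord(string $plaintext, string $key): array
{
    $nonce = random_bytes(12); // fresh 96-bit nonce per record (assumed practice)
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['nonce' => $nonce, 'ct' => $ct, 'tag' => $tag];
}

function decryptRecord(array $rec, string $key)
{
    // Returns the plaintext, or false when the GCM tag does not verify.
    return openssl_decrypt($rec['ct'], 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $rec['nonce'], $rec['tag']);
}

function report(string $label, bool $holds): void
{
    echo str_pad($label, 58), $holds ? 'yes' : 'no', PHP_EOL;
}

$key    = random_bytes(16);
$knownA = ':ABCDEFGHIJKL';                  // delimiter + 12-char field known to the observer
$plainA = 'alice@example.com' . $knownA;
$plainB = 'bobby@example.org:MNOPQRSTUVWX'; // same length, different record
$a = encryptRecord($plainA, $key);
$b = encryptRecord($plainB, $key);
$n = strlen($knownA);

// 1. Length is the one thing the ciphertext gives away.
report('ciphertext length equals plaintext length', strlen($a['ct']) === strlen($plainA));

// 2. Known bytes XOR ciphertext bytes = keystream at exactly those positions.
$ksTail = substr($a['ct'], -$n) ^ $knownA;
report('recovered bytes decrypt the known field itself', (substr($a['ct'], -$n) ^ $ksTail) === $knownA);
report('they reveal the unknown first field of record A', (substr($a['ct'], 0, $n) ^ $ksTail) === substr($plainA, 0, $n));
report('they reveal the same field in record B (new nonce)', (substr($b['ct'], -$n) ^ $ksTail) === substr($plainB, -$n));

// 3. GCM authenticates: a single flipped bit makes decryption fail.
$tampered = $a;
$tampered['ct'] = ($a['ct'][0] ^ "\x01") . substr($a['ct'], 1);
report('untouched record decrypts', decryptRecord($a, $key) === $plainA);
report('tampered record decrypts', decryptRecord($tampered, $key) !== false);
```

The keystream bytes recovered from the known field say nothing about other positions or other records only because every (key, nonce) pair yields an independent keystream. Reusing a nonce under the same key removes that guarantee, so the nonce must be unique per encryption.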