
Does having 2 different cyphertexts for the same plaintext help an attacker?

Çağlar Arlı

I'm considering using key rotation for a website. Let's say I generate new keys every month.

In Jan someone saves a URL in their browser. Let's say in plaintext it's https://example/12345, encrypted to https://example/sdsdsdsd.

In Feb I have a new key but I allow the key from Jan. Do I ever stop supporting it?

By logging in and manually navigating to the same page, someone can generate 2 cyphertexts, and they know they both say exactly the same thing. Let's say in Feb the URL is https://example/fgfgfgfgfg.

By the end of the year someone could have generated 12 different cyphertexts for the same plaintext. They don't have the plaintext but they know all 12 cyphertexts must say the same thing. Using that could they crack the Jan key (which, presumably, I still have to support)? Is this a weakness?

EDIT: Just saw this: "Encoding Same Message with Different IV (AES/CBC)"

Changing the key "well before 2^64" messages gives plenty of scope for just using the same key with a different IV each time. Unless you're some huge site with massive throughput, is key rotation even needed if you use a different IV every time?
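
The rotation scheme described in the question, as an added example that is not part of the original post: each token carries a key id and a fresh random nonce, so the same path yields a different ciphertext on every call, and a saved URL stops decrypting once its month's key is dropped from the keyring. The key ids, function names and keyring are hypothetical, and because the Python standard library has no AES, HMAC-SHA256 in counter mode with an HMAC tag stands in here for an AEAD such as AES-GCM.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed keyring (hypothetical ids): one 32-byte key per month.
KEYRING = {"2024-01": secrets.token_bytes(32), "2024-02": secrets.token_bytes(32)}
CURRENT_KID = "2024-02"  # new tokens are always sealed under the newest key

def _subkeys(key):
    # Derive independent encryption and MAC keys from the monthly key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real stream/AEAD cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(plaintext, kid=None, keyring=KEYRING):
    """Return 'kid.base64url(nonce || ciphertext || tag)' for a URL path segment."""
    kid = kid or CURRENT_KID
    enc, mac = _subkeys(keyring[kid])
    nonce = secrets.token_bytes(16)  # fresh per token: same plaintext, new ciphertext
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, kid.encode() + nonce + ct, hashlib.sha256).digest()[:16]
    body = base64.urlsafe_b64encode(nonce + ct + tag).decode().rstrip("=")
    return kid + "." + body

def open_token(token, keyring=KEYRING):
    """Verify and decrypt a token; KeyError if its key has been retired."""
    kid, _, body = token.partition(".")
    if kid not in keyring:
        raise KeyError("key retired or unknown: " + kid)
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 32:  # must hold at least the 16-byte nonce and 16-byte tag
        raise ValueError("token too short")
    nonce, ct, tag = raw[:16], raw[16:-16], raw[-16:]
    enc, mac = _subkeys(keyring[kid])
    want = hmac.new(mac, kid.encode() + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):  # authenticate before decrypting
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))
```

Passing a keyring without the January entry to `open_token` models the point at which old bookmarks stop working, which is the retirement decision the question asks about.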