Did some research on this. Capturing the findings.
- Do not use DES, or 3DES. Use AES.
- Use AES/CBC/PKCS7Padding at least.
- Use AES/CFB/PKCS5Padding to generate a different ciphertext for the same plaintext.
- Use AES/GCM/NoPadding for most secure stuff.
- Use 256 bit keys.
- When encrypting passwords, add a salt and encrypt the password with bcrypt. This is to beat rainbow tables.
- It's okay to save salt in db.