Encryption intro
AES/block ciphers
Block modes (ECB, CTR, OFB)
Key sizes
RSA in Java
SecureRandom
Secure hash functions
Reading encrypted ZIP files in Java
Password recovery

Java Cryptography

Cryptography is a field looking at techniques for "encoding and verifying things securely". It tends to focus on the following issues:

encryption of data so that an unauthorised third party cannot read it without a key of some sort;
authentication and validation (or certification): broadly speaking, checking that a piece of data is "what it should be" or "hasn't been tampered with"— e.g. whether the data was transmitted error-free, whether it was deliberately altered by third parties, and indeed whether the parties are who we believe they are;
computer protocols for using the previous two techniques correctly and in a way that allows all parties to know how they're being used (e.g. the TLS protocol allows a client to connect to a server over the Internet without the two machines previously knowing things such as session key or even preferred encryption method, maximum key length etc).

Indirectly at least, it is also concerned with human protocols for using these techniques (e.g. "don't make your password less than X characters", "don't just use letters in your password" etc).

When used appropriately, cryptography brings developers some very powerful tools, allowing us to do things like transmit login information securely across an untrusted network. Java is an excellent choice for building secure applications from the point of view that it has various standard cryptographical functions built in to the standard runtime libraries. But just as the existence of the Swing library doesn't automatically give your application a fantastic user interface, a cryptography library does not bring automatic security. There are still various challenges that we need to address beyond the simple "how do I perform such-and-such a function", for example:

we need to understand which tool/algorithm we need when;
where there's a choice, we need to assess the strengths and weaknesses of each;
some algorithms have various parameters that we need to understand;
using some algorithms correctly can be tricky and requires a little understanding of what is going on (e.g. using "128-bit encryption" with a key generated by java.util.Random doesn't give anything like 128 bits of security...);
even issues such as "what data should we encrypt when" can be a problem;
we need to take account of the security risks and needs, vs other needs, of different parts of our application and system as a whole.

On the following pages, we therefore discuss various topics:

we start with an introduction to encryption in general, considering why key-based encryption with a public algorithm is generally a better solution than "security through obscurity";
we look at symmetric encryption, which gives generally fast encryption via a shared secret key, generally using a type of algorithm called a block cipher whose weaknesses we need to assess;
asymmetric encryption, including how to use the common RSA encryption scheme in Java;
we give a comparison of encryption algorithms, showing performance data and an overview of current security opinion on the various symmetric ciphers;
key sizes: how to choose an encryption key size for symmetric encryption and how to enable and use larger key sizes in Java;
Secure hash functions, used for a variety of purpoes; we consider the performance and security of the various algorithms provided by standard in Java 6;
password-based encryption, in which we derive an encryption key from a password entered by the user.