Master the 7 Most Essential Encryption Algorithms for Secure Systems
Explore the seven most commonly used encryption algorithms—including MD5, SHA families, HMAC, AES, DES/3DES, RSA, and DSA—detailing their principles, Java implementations, performance, and practical security guidelines, while highlighting real-world attack scenarios and best‑practice recommendations for robust information protection.
Preface
A few years ago a company's database was not encrypted and was completely exfiltrated by hackers, exposing millions of user accounts, passwords, and phone numbers. The following examples illustrate common mistakes:
    @PostMapping("/register")
    public void register(@RequestParam String password) {
        userDao.save(new User(password));
    }
The code stores user passwords in plain text, demonstrating the lack of encryption, salting, and sensitive data protection.
1. The Hash Trio
1.1 MD5
MD5 is a hash algorithm that converts data of any length into a 128‑bit hash value. It processes data through four rounds of non‑linear functions, each performing 16 bitwise operations. Due to collision vulnerabilities, MD5 is no longer considered secure.
Java implementation:
    public static String md5WithSalt(String password) {
        // Random per-user salt; it is returned with the hash, otherwise the password could never be verified
        String salt = UUID.randomUUID().toString().substring(0, 8);
        return salt + ":" + DigestUtils.md5Hex(password + salt); // add salt, result is "salt:hash"
    }
Attackers can crack MD5 via rainbow‑table attacks (45%), collision attacks (30%), or brute‑force (25%). Adding a salt makes it usable as a basic protection layer.
1.2 SHA Family – New Hash Standard
The SHA family generates hashes through multiple rounds of bitwise and modular operations. For example, SHA‑256 pads data to a multiple of 512 bits, initializes eight 32‑bit values, performs 64 rounds of operations, and produces a 256‑bit hash.
Java implementation:
    public static String sha256(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] hash = md.digest(input.getBytes(StandardCharsets.UTF_8));
        return Hex.encodeHexString(hash);
    }
1.3 HMAC
HMAC combines a hash function with a secret key to improve security.
HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m))
Java implementation:
    public static String hmacSha256(String key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        // Explicit charset: the platform default differs between machines and would change the tag
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }
HMAC requires a secret key before generating the hash.
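
The receiving side of HMAC, together with the key rotation recommended in the conclusion, looks like this. It is an added example, not code from the original article; the class name, the `keyId.base64(tag)` token format and the sample message are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class HmacKeyRotation {
    private final Map<String, byte[]> keys = new HashMap<>(); // key id -> secret key

    void addKey(String id) {
        byte[] key = new byte[32]; // fresh random 256-bit key
        new SecureRandom().nextBytes(key);
        keys.put(id, key);
    }

    private static byte[] mac(byte[] key, String data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    String sign(String id, String data) throws GeneralSecurityException { // token = keyId.base64(tag)
        return id + "." + Base64.getEncoder().encodeToString(mac(keys.get(id), data));
    }

    boolean verify(String data, String token) throws GeneralSecurityException {
        int dot = token.indexOf('.');
        String id = dot < 0 ? "" : token.substring(0, dot);
        if (!keys.containsKey(id)) return false; // malformed token, or unknown/retired key id
        byte[] expected = sign(id, data).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, token.getBytes(StandardCharsets.UTF_8)); // constant time
    }

    public static void main(String[] args) throws GeneralSecurityException {
        HmacKeyRotation signer = new HmacKeyRotation();
        signer.addKey("k1");
        String token = signer.sign("k1", "amount=100&to=alice"); // constructed sample message
        signer.addKey("k2"); // new tokens use k2; k1 stays valid during the overlap window
        System.out.println("after rotation: " + signer.verify("amount=100&to=alice", token));
        System.out.println("tampered:       " + signer.verify("amount=900&to=alice", token));
        signer.keys.remove("k1"); // retire the old key
        System.out.println("after retiring: " + signer.verify("amount=100&to=alice", token));
    }
}
```
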
2. Symmetric Encryption Twins
2.1 AES
AES is the modern standard for symmetric encryption. It uses a Substitution‑Permutation Network (SPN) structure with key expansion, an initial round, ten processing rounds (byte substitution, row shift, column mixing, round key addition), and a final round that omits column mixing.
Java code example (AES‑GCM):
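    // key: 16-, 24- or 32-byte AES key supplied by the caller
    byte[] iv = new byte[12]; // 96-bit nonce, never reused with the same key
    new SecureRandom().nextBytes(iv);
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    GCMParameterSpec spec = new GCMParameterSpec(128, iv); // 128-bit authentication tag
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), spec);
2.2 DES/3DES
DES processes data in 64‑bit blocks with a 16‑round Feistel structure. 3DES applies DES three times with different keys to increase security.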
Java code example:
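    // Note: ECB encrypts identical plaintext blocks to identical ciphertext blocks
    Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
    SecretKey key = new SecretKeySpec(keyBytes, "DESede"); // keyBytes: 24-byte 3DES key
    cipher.init(Cipher.ENCRYPT_MODE, key);
    // Explicit charset so the ciphertext does not depend on the platform default
    byte[] cipherText = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
3. Asymmetric Encryption Twins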
3.1 RSA
RSA underpins secure communications on the Internet. It relies on the difficulty of factoring large numbers.
Key generation (Java):
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(2048);
    KeyPair pair = keyGen.generateKeyPair();
3.2 DSA
DSA is specialized for digital signatures.
Java implementation:
    Signature dsa = Signature.getInstance("SHA256withDSA");
    dsa.initSign(privateKey);
    dsa.update(data);
    byte[] signature = dsa.sign();
Conclusion
Choosing Encryption Algorithms: Use salted hashing for password storage, TLS 1.3 with AES‑256‑GCM for HTTPS, RSA keys of at least 2048 bits, and rotate HMAC keys regularly.
Three Golden Rules:
Defense in Depth: Combine multiple encryption algorithms.
Key is King: Proper key management outweighs algorithm choice.
Continuous Evolution: Monitor advances such as quantum‑resistant algorithms.
Security Toolset:
Keycloak for key management
Bouncy Castle extensions
OWASP encryption guidelines
Su San Talks Tech
Su San, former staff at several leading tech companies, is a top creator on Juejin and a premium creator on CSDN, and runs the free coding practice site www.susan.net.cn.
