Best practises

Block chain modes

The standard crpyt modes use CBC. Use of ECB is not supported, see http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29. The only advantage of ECB is saving some bytes for the ciphertext (exactly the cipher's blocksize).

Padding modes

The standard crypt modes use PKCS5Padding. This allows plain texts of arbitrary sizes, but enlarges the cipher output at most by the block size. You can use "Nopadding", but this requires the plain text to be a multiple of the block size.

Initialization vectors

Crypt uses random initialization vectors. Right now it's not possible to use custom or constant initialization vectors. At all, it's strongly discouraged to use constant initialization vectors except for plain text, that starts with random data like a signature or a timestamp.

Password handling

If you need to store your encryption password in your application configuration, you might consider a splitted password attempt: one part of the password is stored in your configuration, the other part is a constant in the code. The actual password used is a concatenation of both. So an attacker has to reveal both your configuration and your code.

When using transient passwords, it might be a good idea to clear the password data in memory right after using it. The crypt methods using Strings as passwords clears the temporary password data created by the hash but not the password string itself.