CipherInputStream has a buffer size of 512 bytes. This is very small, and we see better performance from a larger buffer size in our applications. We sometimes see folks even hacking into CIS internals and allocating 8192-sized buffers with reflective hacks to avoid performance penalties.

As per the comment on the current buffer:

> the size 512 bytes is somewhat randomly chosen

Other examples use larger buffers, like 8192 for ChannelInputStream and FileInputStream, or 16384 for InputStream itself.