> Yeah, I was using a 256-bit length key with AES-128-CBC then trying to
> decrypt it in another program never works.
> And in fact, its better to throw or even warn/notice about it instead of
> silently allowing it, *what you think?*
I can't imagine a legitimate scenario necessitating too much, or too
little, key bits.
So, I think this is throw-worthy, perhaps a \RangeException. This isn't my
area of expertise though -- so I'm copying Sara who, if memory serves, has
recently been dealing with crypto.
See also Bug #72247.