Currently, authenticate validates the ciphertext as being >= 32 characters.
Then, you take 2 substrings, each 64 characters long.
If a ciphertext is passed in as 40 characters long, then it would not error at the "message too short" error, but it would not create a valid ciphertext.
Instead, check to see if the ciphertext is >= 64 characters.
Currently, authenticate validates the ciphertext as being >= 32 characters.
Then, you take 2 substrings, each 64 characters long.
If a ciphertext is passed in as 40 characters long, then it would not error at the "message too short" error, but it would not create a valid ciphertext.
Instead, check to see if the ciphertext is >= 64 characters.