diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go
index 214ea10..d7d1516 100644
--- a/cryptfs/cryptfs.go
+++ b/cryptfs/cryptfs.go
@@ -10,7 +10,7 @@ import (
 
 const (
 	DEFAULT_PLAINBS = 4096
-	KEY_LEN         = 16
+	KEY_LEN         = 32 // AES-256
 	NONCE_LEN       = 12
 	AUTH_TAG_LEN    = 16
 	FILEID_LEN      = 16
@@ -38,9 +38,7 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS {
 
 	var gcm cipher.AEAD
 	if useOpenssl {
-		var k16 [16]byte
-		copy(k16[:], key)
-		gcm = opensslGCM{k16}
+		gcm = opensslGCM{key}
 	} else {
 		gcm, err = cipher.NewGCM(b)
 		if err != nil {
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index f73924d..9baa6d5 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -8,7 +8,7 @@ import (
 )
 
 type opensslGCM struct {
-	key [16]byte
+	key []byte
 }
 
 func (be opensslGCM) Overhead() int {
@@ -27,7 +27,7 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 
 	cipherBuf := bytes.NewBuffer(dst)
 
-	ectx, err := openssl.NewGCMEncryptionCipherCtx(128, nil, be.key[:], nonce[:])
+	ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
 	if err != nil {
 		panic(err)
 	}
@@ -72,7 +72,7 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
 	plainBuf := bytes.NewBuffer(dst)
 
-	dctx, err := openssl.NewGCMDecryptionCipherCtx(128, nil, be.key[:], nonce[:])
+	dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
 	if err != nil {
 		return nil, err
 	}
diff --git a/gocryptfs_main/main.go b/gocryptfs_main/main.go
index 9ba2648..d6ce064 100644
--- a/gocryptfs_main/main.go
+++ b/gocryptfs_main/main.go
@@ -151,8 +151,18 @@ func main() {
 // a safe place
 func printMasterKey(key []byte) {
 	h := hex.EncodeToString(key)
-	// Make it less scary by splitting it up in chunks
-	h = h[0:8] + "-" + h[8:16] + "-" + h[16:24] + "-" + h[24:32]
+	var hChunked string
+
+	// Try to make it less scary by splitting it up in chunks
+	for i := 0; i < len(h); i+=8 {
+		hChunked += h[i:i+8]
+		if i < 52 {
+			hChunked += "-"
+		}
+		if i == 24 {
+			hChunked += "\n                      "
+		}
+	}
 
 	fmt.Printf(`
 ATTENTION:
@@ -163,7 +173,7 @@ If the gocryptfs.conf file becomes corrupted or you ever forget your password,
 there is only one hope for recovery: The master key. Print it to a piece of
 paper and store it in a drawer.
 
-`, h)
+`, hChunked)
 }
 
 func readPasswordTwice() string {