s
Max password length 16? What is this, 1995?
b
It's more understandable when you consider that this is AES and 16 bytes is 128 bits.
s
AES being 128 bits isn't relevant, but ok
b
the secret key has to be 128 bits, so 16 characters
s
the AES secret key is NOT your password, unless someone wants to create a very insecure implementation of AES. In fact I wouldn't be surprised if the AES standard addresses this? Anyway, in my experience your password is used to derive a key, it's not the key itself.
b
the password parameter is turned into 16 bytes and passed on line 63 to the SecretKeySpec, which is for raw secret keys
s
I didn't look at the code, but if the password is used directly as the key that's a mistake... and even my (non-crypto-expert) brain recognizes that.
😞