The algorithm is clearly written under the assumption that these will add up less to 15; if it doesn't, padding it to 16 (with the index byte) doesn't make any sense.

If we're going to keep the Long CID algorithm, it might be easier just to say that for 16 bytes and more, you should just use Long CID. Why not? It would save encryption passes.

If we get rid of Long CID, then we'll probably have to rewrite that particular case.

I must have been tired when I filed this, because it's not true.