diff --git a/src/encoding.c b/src/encoding.c
index 41cc03c..8205c87 100644
--- a/src/encoding.c
+++ b/src/encoding.c
@@ -19,6 +19,19 @@
 #include <string.h>
 #include <stdbool.h>
 
+static size_t check_secret_length(size_t len) {
+    if(len < MIN_STRENGTH_BYTES) {
+        return SSKR_ERROR_SECRET_TOO_SHORT;
+    }
+    if(len > MAX_STRENGTH_BYTES) {
+        return SSKR_ERROR_SECRET_TOO_LONG;
+    }
+    if(len & 1) {
+        return SSKR_ERROR_SECRET_LENGTH_NOT_EVEN;
+    }
+    return 0;
+}
+
 static size_t serialize_shard(
     const sskr_shard *shard,
     uint8_t *destination,
@@ -90,11 +103,9 @@ static int deserialize_shard(
     shard->value_len = source_len - METADATA_LENGTH_BYTES;
     memcpy(shard->value, source + METADATA_LENGTH_BYTES, shard->value_len);
 
-    if(shard->value_len < MIN_STRENGTH_BYTES) {
-        return SSKR_ERROR_SECRET_TOO_SHORT;
-    }
-    if(shard->value_len % 2) {
-        return SSKR_ERROR_INVALID_SECRET_LENGTH;
+    size_t err = check_secret_length(shard->value_len);
+    if(err) {
+        return err;
     }
     return shard->value_len;
 }
@@ -137,13 +148,9 @@ static int generate_shards(
     void* ctx,
     void (*random_generator)(uint8_t *, size_t, void*)
 ) {
-
-    if(master_secret_len < MIN_STRENGTH_BYTES) {
-        return SSKR_ERROR_SECRET_TOO_SHORT;
-    }
-
-    if(master_secret_len % 2 == 1) {
-        return SSKR_ERROR_INVALID_SECRET_LENGTH;
+    size_t err = check_secret_length(master_secret_len);
+    if(err) {
+        return err;
     }
 
     // Figure out how many shards we are dealing with
@@ -220,8 +227,9 @@ int sskr_generate(
     void* ctx,
     void (*random_generator)(uint8_t *, size_t, void*)
 ) {
-    if(master_secret_len < MIN_STRENGTH_BYTES) {
-        return SSKR_ERROR_SECRET_TOO_SHORT;
+    size_t err = check_secret_length(master_secret_len);
+    if(err) {
+        return err;
     }
 
     // Figure out how many shards we are dealing with
diff --git a/src/encoding.h b/src/encoding.h
index af4faed..acebe9a 100644
--- a/src/encoding.h
+++ b/src/encoding.h
@@ -14,6 +14,7 @@
 
 #define METADATA_LENGTH_BYTES 5
 #define MIN_STRENGTH_BYTES 16
+#define MAX_STRENGTH_BYTES 32
 #define MIN_SERIALIZED_LENGTH_BYTES (METADATA_LENGTH_BYTES + MIN_STRENGTH_BYTES)
 
 int sskr_count_shards(
diff --git a/src/sskr-errors.h b/src/sskr-errors.h
index 3127871..397ab45 100644
--- a/src/sskr-errors.h
+++ b/src/sskr-errors.h
@@ -14,7 +14,7 @@
 #define SSKR_ERROR_INVALID_SINGLETON_MEMBER         (-4)
 #define SSKR_ERROR_INSUFFICIENT_SPACE               (-5)
 #define SSKR_ERROR_INVALID_RESERVED_BITS            (-6)
-#define SSKR_ERROR_INVALID_SECRET_LENGTH            (-7)
+#define SSKR_ERROR_SECRET_LENGTH_NOT_EVEN           (-7)
 #define SSKR_ERROR_INVALID_SHARD_SET                (-8)
 #define SSKR_ERROR_EMPTY_SHARD_SET                  (-9)
 #define SSKR_ERROR_DUPLICATE_MEMBER_INDEX          (-10)
@@ -23,5 +23,6 @@
 #define SSKR_ERROR_INVALID_PADDING                 (-13)
 #define SSKR_ERROR_NOT_ENOUGH_GROUPS               (-14)
 #define SSKR_ERROR_INVALID_SHARD_BUFFER            (-15)
+#define SSKR_ERROR_SECRET_TOO_LONG                 (-16)
 
 #endif /* SSKR_ERRORS_H */