The {AES3} part is used as a prefix, so that doesn’t count. The remainder is a base64 encoded string containing the encrypted value. When you base64-decode that part, you end up with the actual AES encrypted value and if you’re right it’s length should be divisible by 16. I’m not familiar with these encryption methods, so I’m not sure about the math, but at least you should consider the fact that the value is base64 encoded on top of being encrypted.