Impose a lower limit of 256 on key lengths. This is mostly because

Impose a lower limit of 256 on key lengths. This is mostly because
the primegen() function doesn't work well with <100 bits, so RSA
keys need to be >=200 to be generated correctly, and I thought 256
was a nice round number beyond that just to be sure. Perhaps I
should also have a security warning on any key less than 768; or
perhaps I should let people shoot themselves in the feet if they
really want to.

[originally from svn r767]