@7, Rijndael allows key lengths (up to some library-determined limit, which is implementation-specific); AES only allows you to use 128, 192, or 256-bit keys (that's 16, 24 or 32-bytes). You might ask how that's secure; the simple answer is that since you can use any character (even NULLs) in your keys for most libraries, you can use any character in the universe. If your implementation allows, you can even use invalid UTF-8 code points! If we consider only the valid code points (1112064) you have, roughly, 10^(10^6.126799545566277), 10^(10^6.186075342271296), and 10^(10^6.223709558574334) possibilities for your key. Let's just say that all three of those power-of-10 representations are incredibly large numbers and leave it at that. If you include the invalid code points too, you have limitless possibilities that are impossible to test. (Unfortunately, I don't know of any UTF-8 library that will allow invalid code points; every one I know will replace them with some other code point that's valid, if the OS doesn't do it first.)
"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." — Charles Babbage.
My Github