CRM_Core_Key::valid() does backwards comparison
strpos params are backwards
Function is not used directly much but is used indirectly via CRM_Utils_Rule.php::qfKey() many places, but looking at the function it probably doesn't matter as long as the key still has a 32-digit hex code in it somewhere.
It is totally not clear why any "seq" number after an underscore has to be between 1 and 10000, and I'm guessing it never happens that it's outside that range, but of course it never gets to check that.