methods of keeping most randomness?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

methods of keeping most randomness?

Lou Wynn

Hi,

I want to generate secure passphrase for human users. I use either SecureRandom or KeyGenerator to generate a byte array. When I present this byte array to a user as a passphrase, I have few options.

1. Use BigInteger.toString(bytes, 32)

2. Use Base64.getEncoder().encodeToString(bytes)

I've noticed that BC makes a encryption key from a passphrase by using PGPUtil.makeKeyFromPassPhrase(), which backs my program to accept a passphrase typed in by a user. My question is which method or possibly another one keeps the maximum level of randomness of the original byte array. Or are they the same?

-- 
Thanks,
Lou