I want to generate secure passphrase for human
users. I use either SecureRandom or KeyGenerator to generate a
byte array. When I present this byte array to a user as a passphrase,
I have few options.
1. Use BigInteger.toString(bytes, 32)
2. Use Base64.getEncoder().encodeToString(bytes)
I've noticed that BC makes a encryption key from
a passphrase by using PGPUtil.makeKeyFromPassPhrase(), which
backs my program to accept a passphrase typed in by a user. My
question is which method or possibly another one keeps the
maximum level of randomness of the original byte array. Or are
they the same?