I have 2 sets of code that achieve the same result: they generate a Secret key 16 character long that respect the Base32 standards using only native PHP code.
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
for ($i = 0; $i < 16; ++$i)
$filter .= $alphabet[random_int(0, 31)];
echo $filter; //MTI6U3ATMJ65JRHH
and
$alphabet = preg_replace("/[\/=+0189]/", "", base64_encode( openssl_random_pseudo_bytes(24) ));
$filter = substr(strtoupper($alphabet), 0, 16);
echo $filter; //DFFMP7DS24SRD63U
My question is: which of the 2 is more random!?