While working on Google Authenticator, stumbled upon these little facts, why base32 was chosen over base64 for shared secret key:
- The resulting character set is all one case, which can often be beneficial when using a case-insensitive filesystem, spoken language, or human memory.
- The Base32 result can be used as a file name because it can not possibly contain the ‘/’ symbol, which is the Unix path separator.
- The alphabet can be selected to avoid similar-looking pairs of different symbols, so the strings can be accurately transcribed by hand. (For example, the RFC 4648 symbol set omits the digits for one, eight and zero, since they could be confused with the letters ‘I’, ‘B’, and ‘O’.)
- Base32 result excluding padding can be included in a URL without encoding any characters.