This was a pretty entertaining read. I once had the pleasure of finding code which double base64 encoded your password before setting it as a cookie. It contained the comment: “This will only stop script kiddies, not 1337 hackers”.
Because you know, some people are smart enough to base64 decode, but they’d never think of doing it twice.
Wouldn’t base64 encoding something twice give you the same result as doing it once?
base64 encodes bytes, not characters - so the second base64 be much larger than the first one.