
Good question. Some banks (and other large companies) also seem to dislike them in passwords.


Some stupid rule thought up by someone who is trying to force users to make passwords that they can remember. Like some sort of Web/IT version of Clippy saying, "I see you're trying to enter a password with a '+' in it. Are you sure that isn't a typo?"

Either that or their backend software is incompetent (as well as the people that made it) and can't handle pattern-matching outside of [:alnum:] or can't store character values outside of [:alnum:]. It's the same reason that there are many sites where you can't use the 'md5 a single password against the site's domain name' trick: they limit password length to 8 or 16 characters (as if those were some sort of 'accepted industry standard').


I like that idea of using some sort of standard hash and password pairing along with the domain to come up with a password that's site-unique. Is that original, or taken from somewhere?

Have you considered using base64 or some other encoding to shorten the string?


Maybe I'm misunderstanding, but the string will already be Base64 if it's human readable (I'm not trying to use character 254 as part of my password) and base64 encoding actually grows the data you are encoding (since you are breaking some bytes down into two bytes to make them both human readable).

The problem being length. Human-readable (ascii-armored/whatever) hashes (md5/sha-1/sha-256) have standard lengths which are usually longer than the maximum size of the password fields.


I was assuming he was using the hex digest of the hash. You have to use some kind of ascii armoring, and base64 seemed like one that'd be reasonably safe.
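The derivation this sub-thread is talking about, worked through as an added example (this is not code posted by anyone in the thread): the hex-MD5-of-master-plus-domain trick as stated, an HMAC-SHA256 variant chosen here as an assumption because MD5 is not a defensible choice today, the two ASCII armorings (hex and base64) side by side so their lengths can be compared, and the truncation/alphanumeric filtering that a site with an 8- or 16-character limit or a [:alnum:]-only rule forces on the result. The master password and domain are constructed sample inputs.

```python
import base64
import hashlib
import hmac
import re


def md5_hex_password(master: str, domain: str) -> str:
    """The trick as described in the thread: hex MD5 of master concatenated
    with the site's domain. Kept only to show the 32-character output length;
    MD5 is not a recommended construction for this today."""
    return hashlib.md5((master + domain).encode("utf-8")).hexdigest()


def derived_digest(master: str, domain: str) -> bytes:
    """Assumption for this example (not from the thread): key an HMAC-SHA256
    with the master password and feed it the domain. Any fixed keyed hash
    gives the same 'site-unique, reproducible' property the thread wants."""
    return hmac.new(master.encode("utf-8"), domain.encode("utf-8"),
                    hashlib.sha256).digest()


def encode_hex(digest: bytes) -> str:
    """Hex armoring: 2 characters per byte (SHA-256 -> 64 chars)."""
    return digest.hex()


def encode_base64(digest: bytes) -> str:
    """Base64 armoring: 4 characters per 3 bytes (SHA-256 -> 44 chars incl. padding).
    Both armorings expand the raw digest bytes; base64 expands them less than hex."""
    return base64.b64encode(digest).decode("ascii")


def fit_to_field(encoded: str, max_len: int, alnum_only: bool = False) -> str:
    """Shape the armored digest to a site's rules: optionally drop every
    character outside [A-Za-z0-9] (the bank rule in the thread), then
    truncate to the site's maximum length. Filtering first keeps more of
    the digest than truncating first would."""
    if alnum_only:
        encoded = re.sub(r"[^A-Za-z0-9]", "", encoded)
    return encoded[:max_len]


def site_password(master: str, domain: str, max_len: int = 16,
                  alnum_only: bool = False, encoding: str = "base64") -> str:
    """Full pipeline: derive -> armor -> fit to the site's field."""
    digest = derived_digest(master, domain)
    if encoding == "base64":
        encoded = encode_base64(digest)
    elif encoding == "hex":
        encoded = encode_hex(digest)
    else:
        raise ValueError("encoding must be 'hex' or 'base64'")
    return fit_to_field(encoded, max_len, alnum_only)


def entropy_bits(encoded_len: int, alphabet_size: int) -> float:
    """Rough upper bound on what survives truncation: each kept character of
    a uniformly distributed armoring carries log2(alphabet_size) bits."""
    import math
    return encoded_len * math.log2(alphabet_size)


if __name__ == "__main__":
    master, domain = "correct horse battery staple", "example.com"  # constructed sample input
    print("md5 hex   :", md5_hex_password(master, domain))
    d = derived_digest(master, domain)
    print("sha256 hex:", encode_hex(d), len(encode_hex(d)))
    print("sha256 b64:", encode_base64(d), len(encode_base64(d)))
    print("16-char alnum-only:", site_password(master, domain, 16, alnum_only=True))
    print("8 hex chars keep about %.0f bits" % entropy_bits(8, 16))
    print("8 base64 chars keep about %.0f bits" % entropy_bits(8, 64))
```

The last two lines are the caveat that matters for the length complaint in the thread: a site that caps passwords at 8 characters leaves only about 32 bits of the digest if you send hex and about 48 bits if you send base64, so the armoring you pick decides how much of the hash actually reaches the site, and the filtered-and-truncated output is what an attacker has to guess, not the full digest.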


I've used the extension from passwordmaker.org for quite some time. It implements this basic idea quite nicely.


Besides passwordmaker there's also the PwdHash firefox extension; I've been using that one for a while.


I think banks do alphanumeric so you can type them in on the phone.

