Ignore most of the other comments threading from this point, and HASH THE PASSWORDS with a salted hashing scheme. If it's not salted, it's almost as bad as not encrypting them at all.
Hashed passwords are character-agnostic as well, so the only reason to limit your character-space then becomes preventing injection... which you should be using a library to do for you, because, frankly, "they" know better, and it's been more heavily tested than your code.
If you're storing passwords in ANY reversible format, you're a threat to every user's security. It's part of why I like OpenID: if your server is compromised, I'm not.
If you're storing passwords in ANY reversible format, you're a threat to every user's security. It's part of why I like OpenID: if your server is compromised, I'm not.