Re: DES
Not that long ago I had to create a password for some site that simply told me a password was "unacceptable", with no further details. Now I've forgotten what site it was. I think I simply gave up and didn't create an account.
And I remember some time back using one which silently removed "special characters" from the password entry fields - and used different filters for password creation and user authentication. Took a while to figure out what was going on there.
(Of course, any application which has to filter out special characters from user input is broken and the developers should be sent for remedial training. Injection attacks are a real problem, but you fix them by not passing tainted data into evaluation mechanisms, not by blocking user input. Just the other day I was asked to write a comment on a site which - again silently - stripped out most punctuation characters, including semicolons, parentheses, and hyphens(!). As if those aren't fairly important in English prose.)
Biting the hand that feeds IT
