Constraints on the password imposed by m209 on first password management

I was going through the paper [Password Security: A Case History][1] By Robert Morris and Ken Thompson on authentication. It has been mentioned in the First Scheme that the first encryption used m209, in which they used the user password as the key.

The respective excerpt is,

> Most of the standard encryption methods used (in the past) for > encryption of messages are rather easy to invert. A convenient and > rather good encryption program happened to exist on the system at the > time; it simulated the M-209 cipher machine [1] used by the U.S. Army > during World War II. It turned out that the M-209 program was usable, > but with a given key, the ciphers produced by this program are trivial > to invert. It is a much more difficult matter to find out the key > given the cleartext input and the enciphered output of the program. > Therefore, the password was used not as the text to be encrypted but > as the key, and a constant was encrypted using this key. The encrypted > result was entered into the password file.

As read through the m209 further, seems like the key wheel can have 6 wheels, in which we can set/unset a specific alphabet.

There are some constraints here, - Only alphabets can be used in the key. - They are case insensitive. - Not all the wheels contain all the alphabets that are needed.

Given these constraints, any idea what were the constraints on the passwords imposed by the first generation encryption of the password?

  [1]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.128.1635&rep=rep1&type=pdf