Use TOTP instead of fixed password
stettler opened this issue · comments
Hello,
Would it be possible to add TOTP? Instead of configuring the server to accept a fixed password, it would be a lot more secure if fwknopd would accept a TOTP password (no need to change anything on the client).
What I do is keep my password in 1Password and use their Homebrew-based CLI to retrieve it and knock via a script.
But that's still a fixed password... What I mean is that instead of setting a fixed "KEY" on the server side and asking for that "KEY" from the client, we could use a time-based OTP. That way, the "KEY" would change regularly and there would be no need for a fixed password.
I agree. I didn't say, but I was assuming the feature was desired because storing a password for automatic knocking is insecure. However, I agree, it's a good feature.
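The proposal in this thread, sketched as an added example (not part of the issue and not fwknop code): an RFC 6238 TOTP value stands in for the fixed "KEY", and a hypothetical server-side `KnockVerifier` accepts the current 30-second window plus or minus one step and rejects reuse of a window. The class name, the 8-digit length, the skew allowance and the sample secret (the RFC 6238 test secret) are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP window (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 8) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 8-byte big-endian time counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class KnockVerifier:
    """Hypothetical server-side check replacing a fixed KEY comparison."""

    def __init__(self, secret: bytes, digits: int = 8, skew_steps: int = 1):
        self.secret = secret
        self.digits = digits
        self.skew_steps = skew_steps  # tolerated clock drift, in windows
        self.last_counter = -1        # newest window already accepted

    def verify(self, presented: str, now: int) -> bool:
        if len(presented) != self.digits or not presented.isdigit():
            return False
        current = now // STEP
        for counter in range(current - self.skew_steps,
                             current + self.skew_steps + 1):
            if counter <= self.last_counter:
                continue  # a captured value cannot be replayed
            expected = totp(self.secret, counter * STEP, self.digits)
            if hmac.compare_digest(expected, presented):
                self.last_counter = counter
                return True
        return False


# Constructed sample: the RFC 6238 test secret, not a real key.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server = KnockVerifier(SECRET)
    code = totp(SECRET, 59)
    # First use is accepted; the same value sent again is refused.
    print(code, server.verify(code, 59), server.verify(code, 59))
```

The shared secret still has to be stored on both ends; what changes is that a value observed on the wire or in a script's output stops being useful after its window.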