mrash / fwknop

Single Packet Authorization > Port Knocking

Home Page: http://www.cipherdyne.org/fwknop/


Use TOTP instead of fixed password

stettler opened this issue · comments

Hello,
Would it be possible to add TOTP? Instead of configuring the server to accept a fixed password, it would be a lot more secure if fwknopd would accept a TOTP password (no need to change anything to the client).

commented

What I do is keep my password in 1Password and use their Homebrew-based CLI to retrieve it and knock via a script.

But that's still a fixed password... What I mean is that instead of setting a fixed "KEY" on the server side and asking for that "KEY" from the client, we could use a time-based OTP. That way, the "KEY" would change regularly and there would be no need for a fixed password.

commented

But that's still a fixed password... What I mean is that instead of setting a fixed "KEY" on the server side and asking for that "KEY" from the client, we could use a time-based OTP. That way, the "KEY" would change regularly and there would be no need for a fixed password.

I agree. I didn't say so, but I was assuming the feature was desired because storing a password for automatic knocking is insecure. However, I agree, it's a good feature.