Posted by: Anonymous
on May 20, 2008 10:37 PM
As someone who has used FWKnop, it is not only a "forward password system". You can use it to run a remote command (like sending the correct SPA packet triggers a reboot) or you can even send commands to be run in the server, embedded on the packet.
The packet is not replayable cause FWKnop rejects more than one packet per unit of time (60s if I remember the default) and it does not allow for a packet to be accepted with more than x seconds of difference in time, which literally blocks any replay attemp.
It can use PGP public/private keys so it can verify both client and server, which is even nicer.
I really don't know why fwknop is not more known, it's a fantastic tool. (and no, it's not security through obscurity, it's more like the onion metaphor).