An alternative to port triggering?

Joshua enjoyed the security article I linked to on Sunday and in his write up he mentioned Port Knocking.

I've never used port triggering, which is available in most (all?) consumer NAT boxes for the reasons outlined in the paper (PDF) but I like the idea of needing to provide a cipher of some kind to actually force the lock (using S/KEY or some other one time pad wrapped around some other data seems like a possible approach). Neat stuff.