Nope. The current PGP algorithm is known. doesn't help.
Agreed. PGP is an oddity because it's a 'one-way' mathematical function - knowing how to encrypt doesn't mean knowing how to decrypt, and knowing the algorithm without the key doesn't help.
That said, be cautious about claims on crackability - no prime factorization algorithm is currently known but no-one has managed to prove such a function can't exist (a perennial nightmare for ITS types these days). Equally, once computers get to the level of running realistic smart-interface intellects, processing speeds are clearly orders of magnitude outside ours.
Note that this isn't of much use to a player per se; a criminal syndicate on a TL13+, multi-billion population world could quite easily assemble a botnet that would make the contemporary NSA look like a slide rule, but a bunch of PCs on the battered suleiman-class S.S. Overdue Mortgage Payment
on a week's visit to the planet would need some seriously canny roleplaying to get access to it.
A more pragmatic version is that if (almost) every system has a copy, someone would be able to find a moderately corruptible starport official, or transponder manufacturer, with reasonable ease somewhere. Particularly note the situation for non-core worlds, which aren't on the X-Boat routes and must therefore wait for (presumably) mail drum updates and won't necessarily have a scout-service presence. Crack it at that end, and you have the transmission keys for every ship of your class registered in imperial space.
The key weakness is - as ever - not technology but people. The transponder box is essentially unbreachable technologically but the system control doesn't 'see' the box, only a string of SC identity headers verified by a publically known key - regardless of the encryption algorithm, because SC has to send out a known 'challenge' code and get a known 'reponse' code, and be able to verify that these match against its records. If the 'ring-back' has the correct header, SC doesn't know if it came from a legitimate box or the ship's own computer.
Millions of starports? Do tell? My public key has been sent thousands of times. No breach...
But your private key hasn't.
PGP allows you to encrypt a message into a form that you yourself cannot decrypt but the recipient can - in many ways this is the problem with it as a form of encryption; it protects the message content but does not verify the sender - which is actually the more important part of the task here.
In order to create a 'knock-off' transponder, all you need is a message format (has to be publically available as it can't be realistically modified given the number of starports and starships in service) and your public key. You can't modify the message that your transponder generates, but you don't have to; you can physically cut it out of the loop and cook your own from scratch saying whatever you want it to. You can generate your public key from your private key but not the other way around, but since you're the source of the encrypted message not the recipient, your private key is the one held by everyone and their dog.
Equally, you're not going to be sending the densitometer map in each transponder call - simply on bandwidth. It's going to be a string of yes/no responses;
Yes, I believe I am still on the correct ship
No, no-one has attempted to access me since the last appropriate service
No, there have been no suspicious interruptions of link to the computer
Yes, my densitometer map of the hull remains accurate to the level of accuracy I can see*
Which is why message format is the important element.
* Also; Densitometer plating from Scoundrel. just put the damn thing in a g-plate box and it can think it's on a Tigress
class for all it matters.
Understand that I'm not advocating
I'm just saying that it's highly effective and I strongly recommend using it.
Minbari Protectorate Fleet: