Jonathan_S wrote: There is some risk to using untrusted ships to carry your messages. And we have seen that Honorverse crypto keys can be stolen; which could allow a malicious ship transiting to hand off a forged message, rather than simply "losing" or garbling the message so the digital signature couldn't be verified.
Of course keys can be stolen. The weakest part of any encryption is the humans on either side who are managing the encryption and the messages. That's what allowed the Allies to crack Enigma in WW2, that's still today how most hacks happen: social engineering.
Anyway, there are mitigations possible for all of these. For example, split the content of the key and send it over 5 people, with each person carrying 25%, so that if any one is compromised, the entire key can still be retrieved (this is very simplistic, there are better ways of doing that and identifying who was compromised).
They can also send the message using multiple keys for redundancy, so the chance of compromising all keys is small.
It'd be easier to design a system that was resistant to a dropped or unverifiable message than to a forged one. A message you don't get or can't trust could be dealt with by a protocol that limited the length of time the wormhole could be controlled by a given side, combined with a maximum number of outbound transits before you must pause to allow the other side to send you inbound traffic; which can only be overridden by getting a specific affirmative response to a message requesting a deviation.
The problem of a MAlign ship "dropping" the message is that the next ship will carry a good message. The ship going in the reverse direction will also contain information that the last message wasn't received. Even if the MAlign ship had the stolen keys and sent a forged message, the ship in the reverse direction would reveal to ACS that something weird happened and ACS would immediately go on alert.
To make any attack feasible, the MAlign would need to have ships on both sides queued and transiting at the same time. And it would need to send multiple ships so communication didn't happen for a length of time that suits their needs. For example, under normal circumstances, the first 5 ships on the queue will not change, even if ACS has an urgent need to change. The worst I can think of is that one of the ships already in queue has a medical emergency and wants to transit to Manticore for access to better hospitals, but that would gain something like 12 minutes out of a three-hour trip (1 hour in hyper, 2 hours from the hyper limit to Manticore).
That brings the question: what is the exploit?
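One of the "better ways" the post above alludes to for splitting a key across several carriers is a threshold scheme such as Shamir's secret sharing. The following is an added example, not code from the thread: a 3-of-5 split over a prime field, plus a check that flags a carrier whose share was altered in transit. Function names, the field prime and the sample key are my own assumptions; the tamper check assumes at least four of the five shares are honest.

```python
import secrets
from itertools import combinations

# Field prime (2**521 - 1, a Mersenne prime): large enough to hold any 256-bit key.
P = 2**521 - 1

def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + coeffs[2]*x**2 + ... mod P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, threshold, n_shares, rand=secrets.randbelow):
    """Return n_shares points (x, y); any `threshold` of them recover the secret,
    fewer reveal nothing. `rand` is injectable so tests can be deterministic."""
    assert 0 <= secret < P and 1 <= threshold <= n_shares
    coeffs = [secret] + [rand(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(P) from a list of (x, y) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret

def find_bad_shares(shares, threshold):
    """Identify altered shares: every threshold-subset of honest shares recovers the
    same value, while any subset containing a tampered share recovers some other
    value. Requires at least threshold + 1 honest shares so the true value wins
    the majority. Returns the sorted x values of shares never seen in an
    honest subset (the suspect carriers)."""
    results = {}
    for subset in combinations(shares, threshold):
        results.setdefault(recover_secret(list(subset)), []).append(subset)
    true_secret = max(results, key=lambda s: len(results[s]))
    honest = set()
    for subset in results[true_secret]:
        honest.update(x for x, _ in subset)
    return sorted({x for x, _ in shares} - honest)

if __name__ == "__main__":
    key = secrets.randbits(256)                      # constructed sample key
    shares = split_secret(key, 3, 5)                 # five carriers, any three suffice
    assert recover_secret([shares[0], shares[2], shares[4]]) == key
    print("suspect carriers:", find_bad_shares(shares, 3))   # prints: []
```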