A few days ago we launched a contest to improve Telegram's security and are delighted to already have the first results. A Russian IT-community user identified a potentially vulnerable spot in our secret chat implementation. While this would not help him decipher the traffic and win the contest, his achievement deserves a notice — and a big prize. The habrahabr user x7mz had discovered that in case the Telegram server could be seized by a malicious third party, it could send different nonce numbers to each of the clients participating in a secret chat. These nonce numbers were introduced to add more randomness to the secret chat keys, mostly because of possible undiscovered vulnerabilities of the random generators on mobile devices (for example, one such vulnerability was found this August in android phones). This solution would have made it possible for the visual representations of the shared secret key to be identical in case of a man-in-the-middle attack — provided such attack was done by the seized ser..