I really wish people wouldn't base their claims on security contests like this: "nobody has claimed the reward so it must be secure" is fundamentally a really bad argument, and - as Moxie's article on the Telegram crypto contest [1] demonstrates - it's easy to design constraints that <i>look</i> reasonable but in fact make the contest unwinnable, regardless of the scheme's security.<p>[1]: <a href="http://thoughtcrime.org/blog/telegram-crypto-challenge/" rel="nofollow">http://thoughtcrime.org/blog/telegram-crypto-challenge/</a>