[bhitov]

I understand that you care about Telegram and want to defend it when it is attacked, but comments like this are inappropriate and will damage Telegram's reputation.

It is unfair to imply incompetence on tptacek's part given only that he spent some finite amount of time looking at your protocol and did not find the nonce vulnerability. It is also unfair to say that he didn't find any vulnerabilities despite the potential for a 100k reward as the potential for such a reward (outside of your specific contest) had not been stated clearly.

If you do in fact have evidence that tptacek was involved in RSA's deal with the NSA, you should state your accusations explicitly and provide that evidence. If you do not, I think the accusation is inappropriate and certainly counterproductive.

That said, I very much appreciate the resources you are donating to open source crypto software. It is undeniable that the potential for a 100k reward will send a lot of eyes to your source code. I would encourage you to also consider hiring a security firm (US based or otherwise) and to consider how your comments will affect public perception of Telegram.