An improvement would be to not accept the first answer, and wait a bit to make sure only one
matching answer is received. If more than one, try again!
Also, if the bad guy is sending loads of wrong answers, this seems easy-ish to guess that we
are under attack. Although I don't know what to do with that information...