I`m working on custom implementing of NTLM and NTLMv2 protocol for authorization on Lync (Skype for business) server. While reading the offical specification and http://davenport.sourceforge.net/ntlm.html I have got several questions which I cant find answer on. One of them is following:
The question is about NTLMv2 responce (especially the blob). It says that blob should contain timestamp
since January 1, 1601
. What is this for? How does it ensure security if the server doesnt know my local time. Or maybe I should use timestamp provided in type 2 message by server?
Incomplete answer, but I haven't better for now
Or maybe I should use timestamp provided in type 2 message by server?
Yes. As said in the documentation linked above in my comment MS-NLMP
If NTLM v2 authentication is used, the client SHOULD send the timestamp in the
CHALLENGE_MESSAGE.<47>
If there exists a CHALLENGE_MESSAGE.TargetInfo.AvId ==
MsvAvTimestamp
Set Time to CHALLENGE_MESSAGE.TargetInfo.Value of that AVPair
Else
Set Time to Currenttime
Endif