1

I`m working on custom implementing of NTLM and NTLMv2 protocol for authorization on Lync (Skype for business) server. While reading the offical specification and http://davenport.sourceforge.net/ntlm.html I have got several questions which I cant find answer on. One of them is following:

The question is about NTLMv2 responce (especially the blob). It says that blob should contain timestamp

since January 1, 1601

. What is this for? How does it ensure security if the server doesnt know my local time. Or maybe I should use timestamp provided in type 2 message by server?

Eugène Adell
  • 3,089
  • 2
  • 18
  • 34
Zondic
  • 33
  • 1
  • 4
  • 2
    Windows uses Kerberos since Windows 2000, not NTLM. NTLM shouldn't even be enabled on the network. What you link to isn't an official specification. People don't use Sourceforge for open source projects or specs anyway. – Panagiotis Kanavos Dec 06 '19 at 12:35
  • @PanagiotisKanavos Use over internet or in intranet only gives legitimacy to both systems. – Eugène Adell Dec 09 '19 at 13:58
  • Unfortunately they don't give the reason of the timestamp in the official doc [MS-NLMP](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4) . Beware this link could change. Maybe ask your question on the [Open Specification Forums](https://social.msdn.microsoft.com/Forums/en-US/home?category=openspecifications) – Eugène Adell Dec 09 '19 at 14:17

1 Answers1

0

Incomplete answer, but I haven't better for now

Or maybe I should use timestamp provided in type 2 message by server?

Yes. As said in the documentation linked above in my comment MS-NLMP

If NTLM v2 authentication is used, the client SHOULD send the timestamp in the
CHALLENGE_MESSAGE.<47>
If there exists a CHALLENGE_MESSAGE.TargetInfo.AvId ==
MsvAvTimestamp
 Set Time to CHALLENGE_MESSAGE.TargetInfo.Value of that AVPair
Else
 Set Time to Currenttime
Endif
Eugène Adell
  • 3,089
  • 2
  • 18
  • 34