diff --git a/CHANGES b/CHANGES
index e168b67..6a42208 100755
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,8 @@
-Changes to proxytunnel after 1.9.0 -- Unreleased
+Changes to proxytunnel after 1.9.1 -- Tue Mar 22 16:02:40 CET 2011
 
 - Switch to HTTP/1.1 commands, so we can tunnel over JoikuSpot's which
   don't understand http/1.0 command (Mark Janssen)
+- NTLMv2 fixes by Giulio Galante <giulio.galante@fastwebnet.it>
 
 Changes to proxytunnel version 1.9.0 -- Sat Feb 23 22:03:10 CET 2008
 
diff --git a/ntlm.c b/ntlm.c
index ab1bdf9..13928c4 100644
--- a/ntlm.c
+++ b/ntlm.c
@@ -405,7 +405,7 @@ void build_ntlm2_response() {
 	b = (blob *)pblob;
 
 	for (i = 0; i < 8; i++)
-		b->challenge[i] = challenge[i];
+		b->digest[8 + i] = challenge[i];
 
 	b->signature = 0x00000101;
 
@@ -434,7 +434,7 @@ void build_ntlm2_response() {
 
 	memcpy(&b->data_start, t_info, t_info_len);
 
-	hmac_md5(&pblob[16], bloblen - 16, userdomdigest, 16, responsedigest);
+	hmac_md5(&pblob[8], bloblen - 8, userdomdigest, 16, responsedigest);
 
 	for(i = 0; i < 16; i++)
 		b->digest[i] = responsedigest[i];
@@ -449,7 +449,7 @@ void build_ntlm2_response() {
 	// LM2 response generation
 
 	for (i = 0; i < 8; i++)
-		lm2data[i] = b->challenge[i];
+		lm2data[i] = challenge[i];
 
 	for (i = 0; i < 8; i++)
 		lm2data[8 + i] = b->client_challenge[i];
diff --git a/ntlm.h b/ntlm.h
index 2b0f7ff..f919368 100644
--- a/ntlm.h
+++ b/ntlm.h
@@ -96,7 +96,6 @@ typedef struct {
 
 typedef struct {
 	unsigned char	digest[16];
-	unsigned char	challenge[8];
 	unsigned long	signature;
 	unsigned long	reserved;
 	unsigned long long	timestamp;