The NT Hash is actually an un-salted MD4 (not 5) hash of the UCS-2 encoded password. The authentication protocol uses the V2 Hash, which is an MD5-HMAC of the user name and domain, using the NT Hash as the key. The authentication protocol then uses the V2 Hash as an MD5-HMAC key for a pair of random nonces.