Security Protocols

The CRAM$-$MD$5($Challenge$-$Response Authentication Mechanism$)$ protocol, used to provide authentication

to the IMAP$4$ email protocol, consists of the following steps:

$1.CS$:$C$

$2.SC$:$N||T||S$

$3.CS$:$U,H(K||T)$

where $C$ is the client, $S$ the server, $N$ a nonce, $T$ a timestamp, $U$ is the username, $K$ is a cryptographic key

derived from the user's password and $H$ is a cryptographic hash function $($MD$5).$ The goal of the protocol is

to allow $S$ to authenticate $C.$ It is obviously assumed that $S$ knows $K.$

$($a$)$ It the timestamp $T$ necessary? Please justify your answer.

$($b$)$ It the nonce $N$ necessary? Please justify your answer.