Authorize.Net is phasing out the MD5 based transHash

Any word on this? Is our cart going to stop working?

• This reply was modified 5 years, 10 months ago by Becky Melton. Reason: add tags

I sure hope we can find a solution without switching plugins.

I’ve got a client wondering the same thing. I can dig through the code and try to figure out, but I’d much rather hear an official word from the authors.

I have the same question, any solution? what do we have to do??

Bump. Same issue. Authorize says they’ll drop support for MD5 at the end of this month (9 days from now).

bump!

My client is also asking about this. Is this an issue? Does the plugin use Md5? Can someone please help? thank you~

This is kind of a big deal. Is anyone going to respond to this? I have a client using a different Authorize.net plugin with the same issue.

earthnutvt, Which plugin are you using?

In the past, I’ve had great experiences with YITH themes and plugin support. Not sure what’s going on now.

• This reply was modified 5 years, 10 months ago by SandyMe.

Hello there,

I am sorry for the long delay. We wanted to accurately check the new feature and follow development status.

First of all, I’d like to assure you that we will release an update soon that removes any check over MD5 hash. This should be enough to make the plugin work with any transaction, both with the new and current API set. Next update should be released at most tomorrow so, please, stay tuned.

Support to transHashSHA2 is completely a different story instead. We’re working on implementing it since it offers an additional layer of security for our customers. Anyway, for what I have experienced, the service is currently not in a complete working status. We do not receive transHashSHA2 on some responses, making the check impossible, and even when we receive it, it is difficult to validate it as suggested by Authorize. We hope that Authorize will release a developer guide soon, that fully covers all possible cases, yet, at the moment, I’m afraid we won’t be able to implement this feature within the next update. In any case, this won’t cause any problem to users running the latest version of our plugin. When the integration will be ready and working, we will simply release it with an update so anyone will be able to enjoy it. We hope to release this update on the early days of February.

If you have any other questions, don’t hesitate to contact us, we’ll be happy to help you.

Have a good day.

Thank you.

For anyone worried that the MD5 hash is going to stop working TODAY and your site will be broken, re-read the sentence in the warning received from Authorize.net that includes “and the transHash element will stop returning values at a later date to be determined”.

To me, that means those of us already using it have some time. So I think a few days is well within reason and I’m not going to panic.

The orders on my website completed just fine after the plugin update. Thank you!

Hi there,
hope you are doing well! ??

We are glad to know that all is working properly. We are happy to help you with anything you need and don’t hesitate to contact us.

Have a nice day!

I have posted in the other request for help but no help yet
When a customer orders from my site they get a error
( Unpaid order cancelled – time limit reached. Order status changed from Pending payment to Cancelled. ) this error is being sent regardless if a customer credit card is approved or denied. I get notification from Authorize thru e-mail telling me it was ether approved or denied then I must go into my site and change there order from canceled to processing. Some customers have ordered 2 or 3 times because they did not think there order went thru and then I half to refund some of there order and that cost me $$$ also.
Any help please is there some settings to change or am I stuck for now
Thanks

Here’s my latest message from authorize.net. If there’s anything I need to worry about, I’d appreciate knowing. I have the latest version of WP and all plugins.
……………………………………………….
Today we’re announcing final phase 2 dates when the gateway will stop populating the MD5 hash value.

Phase 1 Complete
Phase 2 – Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.
Sandbox will be updated on March 7, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
Production will be updated on March 14, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.

We have updated documentation on our developer center, posted sample code on Github, and will have SDK updates completed by end of February.

Please refer to our support article: MD5 Hash End of Life & Signature Key Replacement for more details and information on this change.

Thank you for your attention to this matter and for being an Authorize.Net merchant.

Sincerely,
Authorize.Net