• Resolved sharath96

    (@sharath96)


    Today Morning I got an Email from the Authorize.Net regarding MD5 Hash Removal/Disablement. Here what exactly they stated.

    Authorize.Net is phasing out the MD5 based transHash element in favor of the
    SHA-256 based transHashSHA2. The setting in the Merchant Interface which
    controls the MD5 Hash option will be removed by the end of January 2019, and
    the transHash element will stop returning values at a later date to be
    determined.

    Merchants utilizing this feature will need to work with their web developer
    or solutions provider to verify if they are still utilizing MD5 based hash
    and if still needed to move to SHA-256 hash via Signature Key.

    I checked plugin using Md5 hashing field in it’s setting. My question is, whether plugin is updated to support new feature from Authorize.Net or providing any other alternate solution.

    Please look at this problem asap. Advice me any alternate solutions.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 16 through 21 (of 21 total)
  • Careful. Be prepared for your site having to pass PCI Compliance.

    Hey @stephenopet, thank you for your reply.
    As far as I know, Indatos is the same company behind this free plugin. I don’t know how I feel about upgrading for their paid version considering their negligence in giving us support, but it’s still an option. Could you please tell me if you like the paid version and if you had any trouble in switching the plugin?
    Thank you!

    Plugin Author Eshan Varma

    (@ishanverma)

    SHA update is available for download. for any further support please create a support ticket at indatos website.

    Just sent a PayPal donation your way. Great work.

    Question: Do I NEED a signature key? That field for me is presently blank.

    Plugin Author Eshan Varma

    (@ishanverma)

    Yes, after plug-in update you will need generate signature key and add to plug-in. It’s 128 characters long. Paste as it is. Make sure no whitespace before after.
    Signature key is mandatory for HAMC SHA versions to work.

    Hello,
    Try following steps

    To generate your Signature Key:
    1) Log into the Merchant Interface at https://account.authorize.net.
    2) Click Account from the main toolbar.
    3) Click Settings in the main left-side menu.
    4) Click API Credentials & Keys.
    Select New Signature Key.
    To disable the old Signature Key, click the check box labeled Disable Old Signature Key Immediately.
    If the Disable Old Signature Key check box is not selected, the old Signature Key will automatically expire in 24 hours. This will also impact any use of the Signature Key for transaction response validation for the SHA2 field. If the old Signature Key is not expired the previous key will continue to be used for the hash/response validation.
    5) Click Submit to continue.
    6) Request and enter PIN for verification.
    7)Your new Signature Key is displayed.

    And put this key in your “Signature Key”

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘MD5 Hash Removal/Disablement from Authorize.Net’ is closed to new replies.