MD5 Hash Removal/Disablement from Authorize.Net

  • Resolved sharath96

    (@sharath96)


    5 years, 10 months ago

    Today Morning I got an Email from the Authorize.Net regarding MD5 Hash Removal/Disablement. Here what exactly they stated.

    Authorize.Net is phasing out the MD5 based transHash element in favor of the
    SHA-256 based transHashSHA2. The setting in the Merchant Interface which
    controls the MD5 Hash option will be removed by the end of January 2019, and
    the transHash element will stop returning values at a later date to be
    determined.

    Merchants utilizing this feature will need to work with their web developer
    or solutions provider to verify if they are still utilizing MD5 based hash
    and if still needed to move to SHA-256 hash via Signature Key.

    I checked plugin using Md5 hashing field in it’s setting. My question is, whether plugin is updated to support new feature from Authorize.Net or providing any other alternate solution.

    Please look at this problem asap. Advice me any alternate solutions.

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 21 total)

  • Same issue here. Thank you for posting this.

    Same issue here! Please get back to us as soon as possible

    Same issue here. Please let us know if this is covered in the plugin or if we need to do something on our end. Thank you very much.

    Plugin Author Eshan Varma

    (@ishanverma)

    Relevant updates to plugin will be provided to all users by/before end of this week.

    Thanks for posting this and making an update! I was about to have the same problem.

    I was about to have the same problem too, thanks for posting this!

    Thanks for replying, Ishan!

    Are you still on track to release an update within the next few days?

    Thanks for posting this I was about to post the same having same issue .
    when can I expect the updates ?

    I just wanted to confirm. This issue was not addressed in the Version 4.3.3 and we should still wait for the next update, correct?

    It would be great if you could update the changelog so we know what was updated.

    Thank you!

    Seems update 4.3.3 was pushed through earlier today, but still does not include support for SHA-256. What changes were included in this update, if not the encryption upgrade?

    Following. Definitely interested in the update and support for SHA-256.

    Thread Starter sharath96

    (@sharath96)

    I have seen the release notes. But there is nothing mentioned about SHA encryption. And also in UI, we able to use MD5 Field. Please check on this ASAP.

    I compared 4.3.2 and 4.3.3 to see what changed. Here’s what I found.

    • The plugin now indicates that it’s been tested with WooCommerce 3.5.3 and WordPress 5.0.3.
    • The plugin’s description and admin screen were changed to include this message: “New Hash update will be released before Jan 26, 2019.”

    So it seems 4.3.3 was a minor release to let people know that the hash update is coming soon.

    Does anyone speculate whether we will need to contact Authorize.net for anything to make this update work? Or will the update steamline the current setup?

    Given that we are now eight days past the original deadline established by the plugin author, I will be deleting this plugin in favor of the Indatos paid WooCommerce extension (https://www.indatos.com/products/authorize-net-woocommerce-plugin-certified-solution/). Their software uses a secure TLS encryption, invalidating the need for either SHA or MD5 encryption.

    MD5 encryption was cracked in 2013 and declared insecure. Given the demand for secure transactions over the web, I am shocked that it has taken this long for the plugin author to update their software to modern standards, even after Authorize announced the MD5 depreciation. This tread was marked resolved by the OP before the issue was actually addressed. I feel I can no longer trust this software or author. I wish my fellow Authorize users the best of luck.

    • This reply was modified 5 years, 10 months ago by stephenopet.
Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘MD5 Hash Removal/Disablement from Authorize.Net’ is closed to new replies.