Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › eCart › eCart General / Announcements › Authnet claiming our current eCart will soon fail due to MD5 Hash usage

Authnet claiming our current eCart will soon fail due to MD5 Hash usage

Thread began 1/24/2019 11:19 am by Steve | Last modified 1/24/2019 1:12 pm by Ray Borduin | 887 views | 9 replies |

1/24/2019 11:19 am | #1 Steve

Authnet claiming our current eCart will soon fail due to MD5 Hash usage

Hello,
Has this been addressed in the current version of ecart or is there a document that outlines sorting this issue as reported to us from Authorize.net?

""Authorize.Net is phasing out the MD5 hash, an older method used by shopping carts, payment modules and plugins to verify that transaction responses are genuine and from Authorize.Net. We have identified that you have this feature configured and may be relying on this older method.

Please contact your web developer or solutions provider and confirm if you are using an MD5-based hash. If so, you should begin plans for moving to SHA-512 hash via Signature Key.""

1/24/2019 11:41 am | #2 Steve

More Details:
https://support.authorize.net/s/article/MD5-Hash-End-of-Life-Signature-Key-Replacement?utm_campaign=19Q2+MD5+Hash+EOL+Merchant+Reminder&utm_medium=email&utm_source=Eloqua

I've traced the AuthNet_PHP.php pages switch parameter for case "MD5 Hash" as being $retVal = $valArray[37]; which looks to confirm the noted case.

Is there an updated file we can swap out to sort this issue?

1/24/2019 11:58 am | #3 Ray BorduinWebAssist

Are you using AIM or SIM? I don't think you actually have to do anything if you use AIM. If you are using SIM then I will help you in a screen sharing session. I haven't done the update yet, but I need someone with an active account to work it out. It should be easy enough to make the change.

Did this help? Tips are appreciated...

1/24/2019 12:23 pm | #4 Steve

Ray,
I'll need to confirm whether it is SIM or AIM. Would you know how to get this confirmation? Do I need get the clients access to Authnet or is this determined in a webassist cart file/setting?

1/24/2019 12:33 pm | #5 Ray BorduinWebAssist

Do you stay on your website for checkout or do you see the checkout form on the authorize.net site? AIM stays on your site and requires SSL. SIM redirects you to authorize.net for checkout.

Did this help? Tips are appreciated...

1/24/2019 12:34 pm | #6 Steve

We stay on the site, completing the full process there.

1/24/2019 12:37 pm | #7 Ray BorduinWebAssist

That is AIM then, and I don't think you have to do anything from what I've read. We don't use the MD5 Hash, so it won't matter when they change to a different encryption.

Did this help? Tips are appreciated...

1/24/2019 12:40 pm | #8 Steve

OK, and the reference to :

case "MD5 Hash":
$retVal = $valArray[37];
break;
in "AuthNet_PHP.php" is nothing of concern?

1/24/2019 12:43 pm | #9 Ray BorduinWebAssist

Yes... that is actually never used.

Did this help? Tips are appreciated...

1/24/2019 12:44 pm | #10 Steve

Thank you for the prompt replies on this matter Ray!

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.