Jump to content
Latest News: (loading..)
phi148

AIM Module - MD5 Hash Is Going Away. Is there an update?

Recommended Posts

Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.  

Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key. 

 Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.  

****

I received the above in an email from authorize.net.  Just curious if anyone is planning on updating the module to support this?  More info here: https://developer.authorize.net/support/hash_upgrade/?utm_campaign=19Q2 MD5 Hash EOL Merchant&utm_medium=email&utm_source=Eloqua

Share this post


Link to post
Share on other sites

@phi148 Bill, I received that same notice but I'm not sure we need to do anything.  My AIM module doesn't have anything set in the MD5 option field so I don't think it is being used.  In any case we're lucky to have an authorize.net wizard on here so I'll summon him.  @John W  John what's your take on this?

Dan

 

Share this post


Link to post
Share on other sites

I didn't receive anything from A.net on this.  A quick read on those links talks about it for SIM and DPm.  I've always left the md5 blank but I noticed it does get a return in the debug emails.  I've thought in the past that the md5 was for SIM and DPM.  We'll have to look into this more. 


I'm not really a dog.

Share this post


Link to post
Share on other sites

I always use the MD5 hash ... simply for added security.  It is optional.

However, as Wiljen and John stated above, this is not good news that AIM is now deprecated.   I was not aware of that.

We probably will survive for quite some time still... however, this will eventually bite us if we don't create a new OSC addon for the new authorize.net API :(

Edited by phi148

Share this post


Link to post
Share on other sites

Looks like everything will be handled via their API.  I got a survey request wanting to know what shopping cart software I was using.  osC was not even on the list.  Now that's not good. 😧

Dan

Share this post


Link to post
Share on other sites
13 minutes ago, WIljen said:

so if we just blank that field it will cease using the MD5 hash and continue to work?  (at least for the time being)  

 

I know it currently works without it but I don't know if it will continue to or not.   Sounds like we need a new module that works with their API.

Dan

Share this post


Link to post
Share on other sites

The CIM method has a lot of added functionality.  You can use it to save credit card data with authorize.net in a PCI safe manor, and subscription etc easily implemented.  I have built the CIM based system to save card info etc.  I will see if I have some time to put a package together, just that the extraction etc will take some work to do and not sure I have the time until after vacation and work load.  There are some class implementations if anyone wants to start it up on development:

https://github.com/stymiee/Authorize.Net-XML

cheers

Peter

 


Peter McGrath

-----------------------------

See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation

Share this post


Link to post
Share on other sites
6 minutes ago, John W said:

Hey Peter, CIM is listed as End of Life on the upgrade guide.

https://developer.authorize.net/api/upgrade_guide/

 

For hosted forms.   For XML it is the preferred method of implementation :)

The link I sent is for XML implementation classes

Hosted forms have not been in use for a very long time now.

cheers

Peter

 

 


Peter McGrath

-----------------------------

See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation

Share this post


Link to post
Share on other sites

People might want to read this post below on the a.net support forum.   From what i remembed the md5 is only needed for SIm.  I've been searching through all the developer info and working on the forums.  It's been a long time since I poked around here.

Check this link

https://support.authorize.net/s/article/Do-I-need-to-upgrade-my-transaction-fingerprint-from-HMAC-MD5-to-HMAC-SHA512-and-how

 


I'm not really a dog.

Share this post


Link to post
Share on other sites

On my test site using my AIM module on their test server/sandbox it works with all the MD5 code commented out of the aim module.  I never had anything entered for it and all the md5 code was contingent on something being entered.  I think the md5 code was carry over from when Harald did the SIM module, but I'm guessing.

I also downloaded their SDK for the api and have played with that a little on my test site with Netbeans.  Netbeans is helpful because it parses the code and can take you right to a class or method without having to hunt for it.  Since they have about 500 files in this api, NB is really helpful.  I used their sample code to get it to work from my test site.  I think we could reuse a lot of the aim module code and convert it to use the api. 


I'm not really a dog.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×