Authorize.net phasing out MD5 Hash Key option – Jan 2019
Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.
Things to note:
1. This MAINLY affects the Authorize.net SIM module (often seen as “authorizenet” in your Zen Cart admin, not “authorizenet_aim”). See more about the AIM module below.
2. The “end of January 2019” refers ONLY to the ability to set/add/change an MD5 Hash keyphrase in your Authorize.net account admin panel. That option will disappear end of January.
3. The module WILL continue to work fine if you ALREADY have an MD5 Hash phrase set. That’s what they mean by “will stop returning values at a later date to be determined.”
So you can stop worrying about having to “fix” something “today”.
We’re investigating an update for the SIM module, and will post about it when it’s ready later this month.
The AIM module.
Currently, in your Zen Cart Admin payments panel if you have the AIM module enabled and in its settings you have an MD5 Hash value set, the module will check that against the MD5 value set in your Authorize.net account. But if you leave it blank, it will skip the check.
So, if you’re using AIM (not SIM), then when Authorize.net finally announces their “later date to be determined”, you can just change this to a blank value in order for it to continue without problem. You can also do that today if you wish.
If you’re using the SIM module, leave it alone for now. Watch for an updated module, which will be needed later this year, whenever their “undetermined date” is set.
If you’re using the AIM module, you can leave it alone, or blank-out the MD5 Hash setting in your ZC Admin. You’ll probably want to upgrade the module later this year as well, but no action is required right now.
In both cases, don’t panic.