Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorize.net to upgrade md5 to sha256 #3114

Open
paras-ziggletech opened this issue Jan 16, 2019 · 6 comments
Open

Authorize.net to upgrade md5 to sha256 #3114

paras-ziggletech opened this issue Jan 16, 2019 · 6 comments

Comments

@paras-ziggletech
Copy link

paras-ziggletech commented Jan 16, 2019
edited
Loading

Hi,
i just received an email that authorize.net that it will upgrade from md5 to a SHA-256 trans hash by month end.
Will this gem get updated for that ?

Thanks
@joshRpowell
Copy link

joshRpowell commented Jan 25, 2019
edited
Loading

Link to Article detailing the end of life/support for MD5 Hash and it's replacement option:
MD5 Hash End of Life & Signature Key Replacement

Link to Upgrade Guide

@seebq
Copy link

seebq commented Jan 31, 2019
edited
Loading

You know, just searching the repository:

https://github.com/activemerchant/active_merchant/search?q=transHash&unscoped_q=transHash

It looks to me like transHash isn't used as part of authorize.net's implementation in ActiveMerchant.

It only looks like it's referenced as part of the response in a test file.

Can anyone else confirm? I think the real question is: Is your code using the returned transHash value to save or reference any transactions.

Can anyone else chime in if that's right?

@carlos-serfe
Copy link

carlos-serfe commented Feb 22, 2019
edited
Loading

HI every one,
I'm having here the same question and to be sure, and because none answer this thread with facts beyond @seebq

I've checked the source code at the current master and some other tags and at any moment the transaction is validated.

Also @seebq please note that in master there's a md5_hash at the parse_direct_response_elements(response, options) but it's unused.

In previous tags, the method was named parse and the mechanism employed to get the information was using the same nokogiri gem but in a more direct way. Anyway the transactions it's never confirmed, it justs trusts that the transaction_id will only be provided when a transaction it's completed.

Hope this helps someone and also I wish if someone who had worked on the gem could provide some kind of confirmation here.

Thanks!

@tarragonparagon
Copy link

Any updates on this? From reading the Authorize.net docs, it seems to me that the MD5 hash is only used in verifying the API response, but it seems to be implemented in the Authorize.net CIM Gateway (line 927, 'md5_hash' => direct_response_fields[37]).

cc: @DavidStoltzfus

@josemigallas
Copy link

2022 and no updates yet? I guess by now MD5 is no longer a concern 😅

@curiousepic
Copy link
Contributor

Marking this "of interest" before a cleanup of stale issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@seebq @curiousepic @joshRpowell @josemigallas @tarragonparagon @paras-ziggletech @carlos-serfe