Just got the following automatic email from authorize.net:
MD5 Hash End of Life Moved to June 28, 2019
After reviewing feedback concerning the production cutoff date for the MD5 Hash, we are pushing back the production update from March 14, 2019, to June 28, 2019. We will continue to review feedback and consider further date changes as needed over the next month.
So, customers calling them works. For such business-breaking changes, a clear drop-off date and active advance customer notification should be a minimum of 12 to 24 months in advance.
The latest nightly release, just released, allows you to simply empty the MD5 Hash setting in CBSubs to stop testing it.
That also adds a new "Authorize.net Signature Key" parameter for the SHA2 signature (not yet implemented on their Sandbox server!!!!).
If your ARB Silent Posts from the production server (see in Notifications of CBSubs) *have* a SHA2 signature as they should (the Sandbox server does not have it, so I couldn't test), then you can try setting the new (optional) Authorize.net Signature Key parameter too, but please thoroughly test the ARB recurring payments (not the first one, but the re-occurring ones), as I had to guess from different posts how that could work, so no guarantee it works. Otherwise, leave the "Authorize.net Signature Key" parameter blank for no tests.
If you see an authorize.net Auto-recurring Silent Post with an x_SHA2_Hash parameter in the POST, please PM me the content of the raw POST that you can find in your Notification so I can check/try to guess their undocumented signature algorithm for ARB silent posts. Thanks!