Redis key hashing - Murmur3

hakhilesh · January 3, 2017, 9:49am

We are updating our Tyk deployment to use hashed keys in redis. We have a fair number of long term keys given out to API owners and it will not be possible to generate new keys with the hash config. Hence we are planning to manually hash the keys, so they’re compatible with the hash config deployment of tyk.

I have gone through the source and seen that murmur3 is employed to achieve this. Is the hashing done on orgID(RPC credentials)+plaintext key or just on the plaintext key? I wasn’t able to understand this part from the gateway source code. It would be helpful if this can be clarified. Thanks in advance.

jess · January 3, 2017, 12:38pm

Hi Hakhilesh.

The hashing is only done on the plaintext key. Tyk does however use the org ID section to namespace keys into organisations and guarantee ownership.

Hope that helps.

Kind regards,

Jess @ Tyk

hakhilesh · January 4, 2017, 5:22am

Thanks Jess. Follow up question. In which version of tyk onwards is murmur3 used. Earlier versions use md5.

Martin · January 4, 2017, 8:40am

Murmur3 was introduced before 1.7, we haven;t used md5 in a very long time (gateway is on 2.3 now)

hakhilesh · January 5, 2017, 8:41am

I tried hashing the plaintext key that I created for one of the APIs using the below function -

func doHash(in string) string {
var h hash.Hash32 = murmur3.New32()
h.Write([]byte(in))
return hex.EncodeToString(h.Sum(nil))
}

However, the hash generated using this on the API key and the one appended to the “apikey-” prefix in redis do not match. Is there some caveat to the logic implemented to perform this hashing?

Martin · January 5, 2017, 9:12am

Make sure you use our vendored version of the hashing lib

hakhilesh · January 5, 2017, 9:44am

It works now. Thanks Martin. Appreciate the quick responses.