Redis key hashing - Murmur3

We are updating our Tyk deployment to use hashed keys in redis. We have a fair number of long term keys given out to API owners and it will not be possible to generate new keys with the hash config. Hence we are planning to manually hash the keys, so they’re compatible with the hash config deployment of tyk.

I have gone through the source and seen that murmur3 is employed to achieve this. Is the hashing done on orgID(RPC credentials)+plaintext key or just on the plaintext key? I wasn’t able to understand this part from the gateway source code. It would be helpful if this can be clarified. Thanks in advance.

Hi Hakhilesh.

The hashing is only done on the plaintext key. Tyk does however use the org ID section to namespace keys into organisations and guarantee ownership.

Hope that helps.

Kind regards,

Jess @ Tyk

Thanks Jess. Follow up question. In which version of tyk onwards is murmur3 used. Earlier versions use md5.

Murmur3 was introduced before 1.7, we haven;t used md5 in a very long time (gateway is on 2.3 now)

I tried hashing the plaintext key that I created for one of the APIs using the below function -

func doHash(in string) string {
var h hash.Hash32 = murmur3.New32()
return hex.EncodeToString(h.Sum(nil))

However, the hash generated using this on the API key and the one appended to the “apikey-” prefix in redis do not match. Is there some caveat to the logic implemented to perform this hashing?

Make sure you use our vendored version of the hashing lib

1 Like

It works now. Thanks Martin. Appreciate the quick responses.