Meraki

rinat · ‎Sep 19 2018

On the Scanning API docs you describe the Meraki mac address hashing algorithm. Do you have its open source example/realisation in any programming language that Scanning API customers could use or extend?

HodyCrouch · ‎Sep 19 2018

Meraki describes the hash algorithm in pseudocode:

hash(mac bytes, org secret) =
SHA1(mac bytes ++ org secret).takeRight(4)
where:
++ indicates concatenation;
takeRight(4) returns the least significant 4 bytes of the SHA1; and
org secret is a per-customer salt.
Example:
client MAC is 11:22:33:44:55:66
org secret is t3lrdd
least significant 4 bytes of SHA1(112233445566t3Irdd) = 0x0e456406

I'm not sure why you would want to implement this yourself, but here's an example in Node.js

var crypto = require('crypto');

merakiHash('11:22:33:44:55:66', 't3Irdd');

function merakiHash(mac, secret) {
  var sha1 = crypto.createHash('sha1');
  var macBytes = mac.replace(/:/g, '');
  sha1.update(Buffer.from(macBytes, 'hex'));
  sha1.update(secret);
  var hashResult = sha1.digest('hex').slice(-8);
 
  console.log('least significant 4 bytes of SHA1(' + macBytes + secret  + ') = 0x' + hashResult);
  return hashResult;
}

For any Meraki people following along, would you mind updating the docs? The comment in your pseudocode uses a different org secret than the example, which made this a little more painful than it should have been. "t3lrdd" is not the same as "t3Irdd".

aryan-jain · ‎Mar 11 2020

How can I know my own org-secret if I wanted to match data from my Meraki devices to other access points configured in the same building?

Meraki

Community

Mac Address Hashing Algorithm

Mac Address Hashing Algorithm