Fuzzy Hashing with ssdeep

Mark0:
Hi!
Long time no post! :)

So, here's a humble try at contributing something interesting.
I discovered ssdeep just some days ago, and already found it very useful in a couple of different situations.

Quoting from the site intro:
ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
--- End quote ---

So, point it at a directory with a lot of files in it, of any kind, and it can produce a list of related files: various versions of the same executable, all the documents of a certain kind, and so on.
It also includes a library with a few exported functions to easily take advantage of its features from other applications.

skwire:
Rather interesting.   :up:

Mark0:
A paper on the topic by the tool's author:

Identifying Almost Identical Files Using Context Triggered Piecewise Hashing (Jesse Kornblum, 2006)
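
Added example, not part of the original thread and not ssdeep's own code: a simplified Python model of context triggered piecewise hashing, showing why a revised file still scores close to its original while an unrelated file does not. The fixed block size, the use of adler32 and crc32 as the trigger and piece hashes, the difflib-based score, and all names and sample data are assumptions made for illustration; real ssdeep signatures and scores will differ.

```python
import hashlib
import zlib
from difflib import SequenceMatcher

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7        # bytes of context inspected by the trigger hash
BLOCK_SIZE = 64   # fixed in this model; an assumption, not ssdeep's behaviour

def fuzzy_signature(data: bytes) -> str:
    """Emit one character per piece; a piece ends where the context hash triggers."""
    sig, start = [], 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1): i + 1]
        # The trigger depends only on the last WINDOW bytes, so piece
        # boundaries re-synchronise shortly after an insertion or deletion.
        if zlib.adler32(window) % BLOCK_SIZE == BLOCK_SIZE - 1:
            sig.append(B64[zlib.crc32(data[start:i + 1]) % 64])
            start = i + 1
    if start < len(data):  # trailing piece that never hit a trigger
        sig.append(B64[zlib.crc32(data[start:]) % 64])
    return "".join(sig)

def similarity(sig_a: str, sig_b: str) -> int:
    """Score 0-100 from the share of signature characters matching in order."""
    matcher = SequenceMatcher(None, sig_a, sig_b, autojunk=False)
    return round(100 * matcher.ratio())

def sample(seed: str, n_blocks: int = 256) -> bytes:
    """Constructed pseudo-random input: SHA-256 over a counter, 8 KiB by default."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest()
                    for i in range(n_blocks))

# Constructed inputs: an "original", a revision with 20 bytes inserted and
# 4 bytes overwritten, and an unrelated file of the same size.
original = sample("doc-v1")
revised = original[:4000] + b"X" * 20 + original[4000:6000] + b"EDIT" + original[6004:]
unrelated = sample("other")

if __name__ == "__main__":
    base = fuzzy_signature(original)
    for name, blob in (("revised", revised), ("unrelated", unrelated)):
        same_sha = hashlib.sha256(blob).digest() == hashlib.sha256(original).digest()
        print(f"{name}: sha256 equal={same_sha}, "
              f"fuzzy score={similarity(base, fuzzy_signature(blob))}")
```

A cryptographic hash reports both the revised and the unrelated file as simply "different"; the piecewise signature separates the two cases because only the pieces touched by an edit change.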
