Fuzzy Hashing and ssdeep[web search]
ssdeep - Latest version 2.10
- Download ssdeep
- The ssdeep man page
- Quickstart Guide
- API documentation
- Sourceforge project page - Home to ssdeep development and feature requests
ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
A complete explanation of CTPH can be found in Identifying almost identical files using context triggered piecewise hashing from the journal Digital Investigation. There is a free version of this paper available through the Digital Forensic Research Workshop conference, free version of Identifying almost identical files using context triggered piecewise hashing.
The package also includes a fuzzy hashing API. The API is documented in the file API.TXT in the Windows distribution and README in the source code package.
The math behind fuzzy hashing was originally developed by
Dr. Andrew Trigdell in a spam dectector he called
The program runs on Microsoft Windows 2000, XP, 2003, and Vista. It is not supported on Windows 95, 98, Me, 3.1, 3.11, or 3.11 for Workgroups.
The program has been tested on Open Solaris, FreeBSD, Linux, and Mac OS X. It should compile and run on any other platform that is supported by the GNU Build Tools.
The latest stable version of ssdeep is version 2.10 and was released on 17 Jul 2013 You can take a look at the complete changelog, but here are the changes in the latest version:
- Fuzzy Hashing engine re-written to be thread safe.
- Able to handle long file paths on Win32.
- Fixed bug on comparing signatures with the same block size.
- Fixed crash on comparing short signatures.
|Version 2.10||17 Jul 2013||Windows binary||SHA256 dc4350b6d0190d8149ac53454d9ffd458b08a8cd69b2c841c62700254c1916c7|
|source code||SHA256 5b893b8059941476352fa1794c2839b2cc13bc2a09e2f2bb6dea4184217beddc|
There is no beta version of ssdeep right now. If you have any problems or would like to see something added to ssdeep, please send mail to the developer at research at) jessekornblum !dot) com or visit the Sourceforge project page .
Although older versions of ssdeep are available for historical purposes,
you shouldn't use these unless you have a truly compelling reason.
Show older versions
The ssdeep program and its API are licensed under the terms of version 2 of the GNU General Public License.
About the developer
ssdeep was written by Jesse Kornblum of the ManTech International Corporation . Please send all correspondence to research *at jessekornblum .dot com.
Code for the threshold mode contributed by Jason Sherman. The testing of this program was made possible in part thanks to the generosity of the Computer Science Department at the University of Iowa.
This page was last updated on 17 Jul 2013.