Last month Mr. Kornblum updated his ssdeep tool. I have downloaded both version 1.1 and 2.0 but somehow the MATCHING doesn't work on my pc's. I have followed all the rules, as mentioned here
http//
When I try to do this
$ ssdeep -b foo.txt > hashes.txt
$ ssdeep -bm hashes.txt bar.txt
I don't get the result bar.txt matches foo.txt (64)
In my case, all I get is an empty command line (not even a error warning etc.) but no results what so ever.
I have tried this with Win XP, Ubuntu and Vista (just to be sure) but no …
Is this a known problem (or is it me …)
What do I have to do to get matches with ssdeep
Thanks,
oops Stamitz
What's the relationship between foo.txt and bar.txt? Fuzzy hashing does not work very well, if at all, for small files. I'd recommend starting with 20-30KB files, at the bare minimum.
What happens if you try matching a file to itself, like this
$ ssdeep -b foo.txt > hashes.txt
$ ssdeep -bm hashes.txt foo.txt
cheers,
Thank you for your answer. Now, I have tried it with a larger file (256 kb) and with this commands
$ ssdeep -b myfile.dat > hashes.txt
$ ssdeep -bm hashes.txt myfile.dat
result
$ myfile.dat matches myfile.dat (100)
Problem solved !
Previously the files foo.txt and bar.txt were very small (too small for ssdeep, so I have learned)
Thanks again for your great tool,
Stamitz
