Fuzzy hashing is a method for comparing similar but not identical files. A complete explanation can be found in Identifying almost identical files using context triggered piecewise hashing from the journal Digital Investigation.
The program also includes an API, documented in the file API.TXT in the Windows distribution and README in the source code package.
The math behind fuzzy hashing was originally developed by Dr. Andrew Trigdell in a spam dectector he called spamsum.
The program runs on Microsoft Windows 2000, XP, 2003, and Vista. It is not supported on Windows 95, 98, Me, 3.1, 3.11, or 3.11 for Workgroups.
The program has been tested on Open Solaris, FreeBSD, Linux, and Mac OS X. It should compile and run on any other platform that is supported by the GNU Build Tools.
The latest stable version of ssdeep is version 2.0 and was released on 2 Apr 2008 You can take a look at the complete changelog, but here are the changes in the latest version:
| Version 2.0 | 2 Apr 2008 | Windows binary | SHA256 be93a7f288e2c798ae48234b2a05395035b2ade419b0c3da7acd909396a4b71c |
| source code | SHA256 3fe8b8dea4ed52102f6cbcb00e7311ee1ccc19134d42f3525c10c8969543be58 |
There is no beta version of ssdeep right now. If you have any problems or would like to see something added to ssdeep, please send mail to the developer at ssdeep (at) jessekornblum (dot) com or visit the Sourceforge project page .
Although older versions of ssdeep are available for historical purposes,
you shouldn't use these unless you have a truly compelling reason.
| Version 1.1 | 14 August 2006 | Windows binary | SHA256 fb2390457b4a4ba7a63bb6c6f31da3e3d0001eede7e6344d7b60632747437166 |
| source code | SHA256 79aafa665aa4d79134c2f585674229ebe2306b77e9184fcc28b1d79de2161c44 |
The ssdeep program and its API are licensed under the terms of version 2 of the GNU General Public License.
ssdeep was written by Jesse Kornblum for the Computer Forensics and Intrusion Analysis Group, part of the ManTech International Corporation . jesse (ddot] kornblum (at) mantech [dott) com.
Code for the threshold mode contributed by Jason Sherman. The testing of this program was made possible in part thanks to the generosity of the Computer Science Department at the University of Iowa.