ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
A complete explanation of CTPH can be found in Identifying almost identical files using context triggered piecewise hashing from the journal Digital Investigation. There is a free version of this paper available through the Digital Forensic Research Workshop conference, free version of Identifying almost identical files using context triggered piecewise hashing.
There are some usage scenarios in the Quickstart guide and the Forensics Wiki entry on ssdeep.
The package also includes a fuzzy hashing API. The API is documented in the file API.TXT in the Windows distribution and README in the source code package.
The math behind fuzzy hashing was originally developed by
Dr. Andrew Trigdell in a spam dectector he called
The program runs on Microsoft Windows 2000, XP, 2003, and Vista. It is not supported on Windows 95, 98, Me, 3.1, 3.11, or 3.11 for Workgroups.
The program has been tested on Open Solaris, FreeBSD, Linux, and Mac OS X. It should compile and run on any other platform that is supported by the GNU Build Tools.
The latest stable version of ssdeep is version 2.9 and was released on 23 Jul 2012 You can take a look at the complete changelog, but here are the changes in the latest version:
|Version 2.9||23 Jul 2012||Windows binary||SHA256 15f7273ff232348294acc2e14dd68a2118844c0b4cd0c1938204fb2addcd731f|
|source code||SHA256 5270297d315541d188b11047fc26c1d4269ef853a0cabb0d59ee8d9a327bf8aa|
There is no beta version of ssdeep right now. If you have any problems or would like to see something added to ssdeep, please send mail to the developer at research at) jessekornblum !dot) com or visit the Sourceforge project page .
Although older versions of ssdeep are available for historical purposes,
you shouldn't use these unless you have a truly compelling reason.
|Version 2.8||25 May 2012||Windows binary||SHA256 73d71ab8cf705684fd40fd358f752345237a642e8978f3302d19cd0fa6f7567a|
|source code||SHA256 93bd1c4abdc428f14c92f73ea8a75ad9fb728fffd16c38d8fadc3f631d8fc426|
|2.7||30 Sep 2011||Windows binary||SHA256 da483426a1c887a5a425f689cb22c9040fb668559e6f0c3604237d820bb3b57b|
|source code||SHA256 b76a60a8f96789895703316ed3b36d1f0c1f35be892d875b69b0a1f814472a36|
|2.6||28 Sep 2010||Windows binary||SHA256 f18a0d80a265305004aefee377cb71ba74cebf22eb8809885403eaa0223aa9a3|
|source code||SHA256 06e73821203e0148d0f302b00288fc4d1ad3a94d580a4222bf534b6515372756|
|2.5||6 May 2010||Windows binary||SHA256 dbd700b4eeee564312109b8a01da41174f895bda5a4fef2edef2dfe3541d8d8d|
|source code||SHA256 3fcee1b8e1116fa0d1dfaed8a6de9b26ffa3139323a41aaade29bfa80b069a14|
|2.4||25 Feb 2010||Windows binary||SHA256 e7585136919bbbbed44ec2406f5045152d1da1e5eb8ec1b173af3fc9ff115438|
|source code||SHA256 e374774c97599c8eb6cf83f2767437af0ea8b2a0f254ee86c10fc8a09a684435|
|2.3||10 Jan 2010||Windows binary||SHA256 bb44a3ee8c4e2c5ada6da2f4500f93762852993e9c6e9779ddb12026cc541a45|
|source code||SHA256 32a81cac4cc3509c1739cae5e1e3cd6764adda0f8d3ae8b40313e7fdfcb47f6d|
|2.2||22 Jul 2009||Windows binary||SHA256 00cf0ecf78babca526cdcb8b1f245f5f4694def918e95ed7634e7b4b6fd17967|
|source code||SHA256 9d17dfe29aad4cee8f91d9d1f28b2d1c27a4cae8b25cb23d6d89609ad4a8ee1b|
|2.1||1 Jan 2009||Windows binary||SHA256 182b9f06299fdd9c2029be0e5dcabae193f5bc61f2da744d93f45c4f72ded692|
|source code||SHA256 6bd39b604547813511094deb3c79e183c4906869bf23ac0d4a714ea43cf8ac15|
|2.0||2 Apr 2008||Windows binary||SHA256 be93a7f288e2c798ae48234b2a05395035b2ade419b0c3da7acd909396a4b71c|
|source code||SHA256 3fe8b8dea4ed52102f6cbcb00e7311ee1ccc19134d42f3525c10c8969543be58|
|1.1||14 Aug 2006||Windows binary||SHA256 fb2390457b4a4ba7a63bb6c6f31da3e3d0001eede7e6344d7b60632747437166|
|source code||SHA256 79aafa665aa4d79134c2f585674229ebe2306b77e9184fcc28b1d79de2161c44|
The ssdeep program and its API are licensed under the terms of version 2 of the GNU General Public License.
ssdeep was written by Jesse Kornblum of the ManTech International Corporation . Please send all correspondence to research *at jessekornblum .dot com.
Code for the threshold mode contributed by Jason Sherman. The testing of this program was made possible in part thanks to the generosity of the Computer Science Department at the University of Iowa.