Bug#549292: ssdeep: No output for small files

Kingsley G. Morse Jr. change at nas.com
Fri Oct 2 07:39:15 UTC 2009


Package: ssdeep
Version: 2.2-1+b1
Severity: normal


Thanks for maintaining Debian's ssdeep package.

I'm interested in using it on strings or small
files, and happened to notice that it produces no
output.

Here's how to duplicate:

    $ echo -e "hello\nworld" > data1
    $ cp data1 data2
    $ echo 1 >> data2
    $ ssdeep -b data1 > hash
    $ ssdeep -bm hash data2

At least for me, the last line produces no output.

It occurs to me that ssdeep may only work on files
bigger than a certain size.

If this is so, then perhaps ssdeep's man page
should explain what the minimum size is.

Even better, enhance ssdeep to actually work with
small files or strings.

Thanks,
Kingsley

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages ssdeep depends on:
ii  libc6                         2.9-6      GNU C Library: Shared libraries

ssdeep recommends no packages.

ssdeep suggests no packages.

-- no debconf information




