libffuzzy / ffuzzy++
libffuzzy is a fuzzy hash comparison library compatible with ssdeep version 2.11.
This library is designed to be fast and thread-safe. It does not even allocate memory dynamically during the process (which may increase performance on parallel computation). The another purpose to write this library is to find implementation issues in ssdeep. During this re-implementation, I found several issues which may affect robustness and portability of ssdeep.
The source code of the library is available on GitHub.
ffuzzy++ is now a testbed of new versions of libffuzzy in C++ and now in preview. This implementation is even faster than libffuzzy and has important feature to generate digests.
See GitHub for details.
libffuzzy
Usage
Global functions of libffuzzy are named like ffuzzy_SOMETHING. ffuzzy_compare is very similar to libfuzzy's fuzzy_compare. libffuzzy has ability to hold ssdeep digest after parsing. ffuzzy_read_digest function can be used to parse digest and ffuzzy_compare_digest to compare against another digest after parsing.
In version 2.1, unnormalized form is added. ffuzzy_udigest can be used to preserve ssdeep-generated hash values (except file names) as it possible. This can be easily converted to ffuzzy_digest.
Performance
Version 1.1 of libffuzzy achieved expected performance gain and version 1.1.1 got even faster. libffuzzy is now faster than libfuzzy in most cases. In version 2.0, interfaces for specialized comparison and clustering are added. Clustering applications will get faster if you use this optimized implementation correctly. In the large clustering job (about 100k hashes), libffuzzy 2.0 was about 60% faster than libfuzzy 2.11.
Portability
libffuzzy is written in pure C99. It does not use the type which may not be defined in the environment so it is safe for any environment.
Download
libffuzzy is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See COPYING file in the archive for credits.
| Version | Release Date | File Name | File Size (Bytes) | MD5 | Docs |
| 2.1.4 | 2014-11-03 | libffuzzy-2.1.4.tar.xz | 223,808 | 1a54af9212e9b8d226a3d973d49d2041 | HTML (Doxygen) |
| libffuzzy-2.1.4.tar.gz | 310,179 | f83004c058fe91c9101e6b364b49106d | |||
| 2.1.3 | 2014-10-28 | libffuzzy-2.1.3.tar.xz | 223,408 | 4e5fc70628d663bf1e77c5b0de22900c | HTML (Doxygen) |
| libffuzzy-2.1.3.tar.gz | 309,983 | 8aab6ff659344d652e216ed3ddb83f95 | |||
| 2.1.2 | 2014-10-28 | libffuzzy-2.1.2.tar.xz | 223,376 | 5173a4fbdcddfade6ff645d2006ab386 | HTML (Doxygen) |
| libffuzzy-2.1.2.tar.gz | 309,678 | 9ad646a44157055287abd5e0210a3859 | |||
| 2.1.1 | 2014-10-25 | libffuzzy-2.1.1.tar.xz | 223,304 | 1ebb28f0adb9a00a1950b6682934230f | HTML (Doxygen) |
| libffuzzy-2.1.1.tar.gz | 309,750 | dfab2b4453d58867ffc9fa98c3247bc8 | |||
| 2.1 | 2014-10-25 | libffuzzy-2.1.tar.xz | 223,304 | cba13569eefd9cc673329fec8a99700b | HTML (Doxygen) |
| libffuzzy-2.1.tar.gz | 309,647 | 13ac09c69cbe6b052093f7518d924930 | |||
| 2.0.1 | 2014-10-25 | libffuzzy-2.0.1.tar.xz | 222,120 | 1fdc643bcb86733484529e9630ce18c0 | HTML (Doxygen) |
| libffuzzy-2.0.1.tar.gz | 308,256 | 02e773412019fcf98b47781c9743f77a | |||
| 1.1.1 | 2014-10-20 | libffuzzy-1.1.1.tar.xz | 214,860 | 664f52dd95ee2ced8c086288c81c4e06 | - |
| libffuzzy-1.1.1.tar.gz | 299,230 | 54402fd50ccf2e540ebe25bfc10130de | |||
| 1.1 | 2014-10-20 | libffuzzy-1.1.tar.xz | 214,736 | f25ddd85075606c68afc0da0f5546736 | - |
| libffuzzy-1.1.tar.gz | 299,087 | cca40903d79d8b4f42cd5254d8a06825 | |||
| 1.0 | 2014-10-20 | libffuzzy-1.0.tar.xz | 214,560 | f3c8bfff9294fbf78a9a3da792d6a3c1 | - |
| libffuzzy-1.0.tar.gz | 298,873 | d7bd8530cce921fdf292e8fb991ee0d4 |
Vulnerable Version(s)
These versions are known to be vulnerable and dangerous to use.
| Version | Release Date | File Name | File Size (Bytes) | MD5 | Docs |
| 2.0 | 2014-10-22 | libffuzzy-2.0.tar.xz | 221,808 | ada83fde887f7837a91edae493de11f9 | - |
| libffuzzy-2.0.tar.gz | 307,834 | 9063b41fa53c73773c70af7ba0e607c4 |
Changes
Version 2.1.4 (2014-11-03)
- Added block size bounds from the original version of ssdeep
Version 2.1.3 (2014-10-28)
- Added bootstrap script to build from git repository
Version 2.1.2 (2014-10-28)
- libffuzzy now accepts all unsigned long values as block sizes
- Optimized block size capping
- Fixed implementation where is different from documentation
Version 2.1.1 (2014-10-25)
- Removed redundant debug code
Version 2.1 (2014-10-25)
- Added interface for unnormalized form
Version 2.0.1 (2014-10-25)
- Changed internal interface for future extension
- Fixed buffer overflow vulnerability on
ffuzzy_pretty_digestfunction
Version 2.0 (2014-10-22)
- Optimized the code (further more)
- Added specialized comparison/clustering/manipulation interface
- Fixed parser to prevent arithmetic overflow
- Added debug/assertion code
- Fixed documentation
- Added documentation for Doxygen
Version 1.1.1 (2014-10-20)
- Optimized edit distance code
- Fixed changelog on version 1.1
Version 1.1 (2014-10-20)
- Added
ffuzzy_digeststructure (which holds ssdeep digest after parsing) - Optimized digest reader and edit distance code
- Improved compatibility with ssdeep
Version 1.0 (2014-10-20)
- The initial release.