Closed wiene closed 1 year ago
I've been considering switching to TLSH since it's been made public. Considering the fact it's now widely adopted I think it's about time. Let me look into that.
At first glance I find TLSH a bit more sensitive compared to ssdeep, but it's too soon to compare them in terms of accuracy.
Anyway, I added support for TLSH. For the time being, ssdeep will still be preferred, and TLSH used as a fallback in case the former is unavailable. This way it should be transparent for the end user and should avoid potential hiccups from introducing new or renaming existing command line arguments.
@elceef Thanks for adding support for TLSH. I've tried it and it seems to work smoothly. I have not done any detailed comparison but judging by looking at a few examples, it seems that TLSH provides systematically larger values than ssdeep.
TLSH support was added by commit 17d6fe7. Thus closing this issue. Thanks again for adding this feature.
Recently it has been suggested to remove ssdeep from Debian. According to the former ssdeep Debian package maintainer ssdeep has been superseded by TLSH. Would you be willing to add support for TLSH in dnstwist?