
Crypto pattern searching looks very slow

Open greenozon opened this issue 3 years ago • 3 comments

On big files (50-100 MB) it took a very long time to scan for crypto sigs...


Questions: does the tool use multiple threads to speed up the search? What kind of algo does it use to search sigs? Does it use any of the industrial ones mentioned here: https://en.wikipedia.org/wiki/String-searching_algorithm, e.g. Boyer–Moore?

I understand the term "slow" is very relative, but even on my modern machine (multicore, multi-threaded) it takes 5..10 minutes to complete this action.

greenozon avatar Aug 14 '21 13:08 greenozon

It uses 8 threads for the scan :)

horsicq avatar Aug 14 '21 14:08 horsicq

Great news! How about the algo? :)

Ideally the SW should use O(n) complexity.

https://en.wikipedia.org/wiki/Aho%E2%80%93Corasick_algorithm yet another power algo!

greenozon avatar Aug 14 '21 14:08 greenozon
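The multi-pattern search suggested in the comment above, as an added example (not DIE-engine code and not part of the thread): an Aho-Corasick automaton reports every signature in one pass over the buffer, so scan time grows with file size plus the number of matches rather than with the number of signatures. The signature names, the three-entry signature set and the sample buffer are constructed for illustration.

```python
from collections import deque

# Constructed signature set (well-known constants), not DIE-engine's database.
SIGNATURES = {
    "MD5/SHA-1 init (LE)": bytes.fromhex("0123456789abcdeffedcba9876543210"),
    "MD5 init A (LE)": bytes.fromhex("01234567"),
    "AES S-box start": bytes.fromhex("637c777bf26b6fc5"),
}

def build_automaton(signatures):
    """Build the trie, failure links and per-state outputs for byte patterns."""
    goto, fail, out = [{}], [0], [[]]
    for name, pattern in signatures.items():
        state = 0
        for byte in pattern:
            if byte not in goto[state]:
                goto.append({})
                fail.append(0)
                out.append([])
                goto[state][byte] = len(goto) - 1
            state = goto[state][byte]
        out[state].append((name, len(pattern)))
    queue = deque(goto[0].values())  # depth-1 states keep fail = root
    while queue:  # breadth-first, so shallower states are finished first
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] = out[nxt] + out[fail[nxt]]  # inherit suffix matches
            queue.append(nxt)
    return goto, fail, out

def scan(data, automaton):
    """One pass over data; returns sorted (offset, name) for every match."""
    goto, fail, out = automaton
    hits, state = [], 0
    for pos, byte in enumerate(data):
        while state and byte not in goto[state]:
            state = fail[state]
        state = goto[state].get(byte, 0)
        for name, length in out[state]:
            hits.append((pos - length + 1, name))
    return sorted(hits)

# Constructed sample buffer: padding with two signatures embedded.
SAMPLE = bytes(16) + SIGNATURES["MD5/SHA-1 init (LE)"] + b"\x90" * 8 + SIGNATURES["AES S-box start"]
for offset, name in scan(SAMPLE, build_automaton(SIGNATURES)):
    print(f"0x{offset:08x}  {name}")
```

Because the automaton is read-only after construction, a large file can be split into chunks scanned in parallel, provided adjacent chunks overlap by the longest signature length minus one byte so that matches spanning a boundary are not missed.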

Thanks a lot for the links. I will take a look.

horsicq avatar Aug 14 '21 14:08 horsicq