[Bro] SHA256 Hash File Analyzer
shawn.homan at gmail.com
Thu Feb 11 15:39:20 PST 2016
Thanks for the information. I have it turned on in my offline system, but
not sure how to measure performance.
On Thu, Feb 11, 2016 at 10:40 AM, Seth Hall <seth at icir.org> wrote:
> > On Feb 10, 2016, at 4:55 PM, Shawn Homan <shawn.homan at gmail.com> wrote:
> > I was wondering if anyone can tell me why the sha256 hash functionality
> isn't turned on by default for the files log.
> > I am working on something and needed to turn it on. I normally only use
> Bro to process pcap files offline and have never used it on a live network.
> > Does it cause performance issues?
> When I was setting the default behavior a few years ago, I did some very
> weak testing and noticed that if I had md5 and sha1 turned on, the
> performance impact was ~1%, but it jumped up somewhere between 3-4% when I
> enabled SHA256. That measurement should be revisited sometime soon though
> and perhaps even better measurements done to see if that performance impact
> is still there.
> Generally though, there is nothing in place which is stopping you from
> enabling SHA256 file hashes.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro