Last file change

Question

Last file change

Is it safe to use a Last Modified file (e.g. NTFS) when a file change is detected? If not, do file backup applications always hash the entire file to check for changes? If so, which hash algorithm is suitable for this check?

thanks

+7

filesystems hash

Stig Dec 10 '11 at 22:18

source share

2 answers

I would not trust the last modified time, since even opening a file and adding one character would change its modification time. Hashing has a collision problem, so I would suggest reading the Rabin Fingerprinting algorithm.

+2

ydev Dec 10 '11 at 10:39

source share

xpda · Accepted Answer · 2011-12-11T00:01:17+0000

It depends on the requirements of the application. Can he tolerate false positives? False negatives?

The date the file was last modified is not reliable. For example, FTP can change the changed date without changing the file, or the file can be downloaded twice, once above itself, changing the changed date without changing the file. On the other hand, there are several utilities that will modify the file, but retain the same date the file was last modified.

If you need to absolutely take action when changing the file, a reliable way is to use a good hash or fingerprint. It takes time. One way to improve the chances without spending so much time would be to compare the changed date with the file size, but again this is not reliable.

Last file change

More articles: