> > The question is, if it screws up and says that an image already exists
> > and then returns a different image when querying for it, how bad would
> > that be.
> >
>
>
> It'll never happen:
>
> http://stackoverflow.com/questions/862346/how-do-i-assess-the-hash-collision-probability
>
>
> Sure you CAN go out of your way to generate collisions, but I'd bet
> money you never see one from your setup.
>
> The probability is extremely slim. And if thats too much of a chance,
> use sha2, its mind numbingly slim.
>
> If you were doing cryptography it would be a problem, yes, but not
> checking file equality.
>
> -Andy
Never is a long time. The question that I asked is precisely: how much
money you would bet that you'll never hit a collision. It depends on the
use case. If you are talking about privacy issues, which can include
lawsuits, loss of reputation and/or damages, then I wouldn't take that
risk, even on sha2. Especially not with all the publicly available
documentation explaining why not to do it. If you are talking about a
minor inconvenience or professional pride because the wrong image showed
up, or the right image was never stored, then it may be worth the risk.
Sim
