What hash function is used for naming images?

Odd question, I know. But after I had saved a few images from a booru I noticed that the filenames were longer and I was curious. I think nearly everyone else uses MD5. Since booru.org images have 40 hex characters, I thought it might be sha-1, or when that didn't pan out ripemd-160 or tiger, but it doesn't seem to be any of those or any other common hash with a larger output that's been truncated to 160 bits.

So what is it? And why use something other than MD5? If it's because MD5 is sort of broken (not that I can see why that would matter when you are using it to detect identical files and not authenticating them), why not choose a different standard that's not broken?

Thanks for humoring my question.

That's question to the Gelbooru authors, not us (we're only using their work). However, I can answer your question.

The Gelbooru author who made the hashing function applies SHA-1 to MD5 hashes. I don't think that this is a good idea and many other people don't seem to do so too (read the internets) because this doesn't make much sense, especially since MD5 is used as a hex string (32 chars) instead of raw hash (4x4 DWords, 128-bit). This seems more like downgrading hash to me.

I've seen some other sites using the same approach - for example, some Shimmie boards.

I didn't even realize Gelbooru used that scheme; it looks like they switched back to MD5, probably because it is senseless. However, reading their forums it looks like Gelbooru was using the sha-1 hash of the original filename, not the sha-1 of the hex representation of the md5 hash of the file.

Sorry for implying it was booru.org's hare-brained idea.

Actually this is not - I've studied the engine's code. Upload is handled by classes/image.class which contains stuff like $filename = hash('sha1',hash('md5',$url)); all around.

And it's the same with password hashes, btw - they're generated from SHA-1 of MD5 of the password string. I guess it's the approach "the more hashing the better stuff", lol.