When creating virtual filesystems, I use sha1()
even though collisions are fairly unlikely with md5()
, it doesn't cost much more.
As for storing the thumbnails, I would recommend saving them to disk once they're creating. The method of detecting that you've already created the thumbnail vs. it being a first-time request will depend on how you're creating and storing them.
In one of my applications, users upload files which I store using the SHA1 hash onto the filesystem with the metadata in a MySQL DB. The file is retrieved using three parameters: file_id, width, and height. I retrieve the SHA1 hash from the DB for the specified file_id, then check the filesystem for the existence of a file named [hash][width][height]. If it doesn't exist, then I generate the thumbnail and serve it up. If it does exist, then this means I've already created the thumbnail of this size and I serve it up.
Since I'm using a script to generate/send the thumbnail on-demand, my script that serves the file checks for a last-modified from the client and tells the client to use its cached version, as appropriate, rather than spending bandwidth to re-send the same image.