djadmin / passw0rd

🔑 Securely checks a password to see if it has been previously exposed in a data breach

Math doesn't add up

deepserket opened this issue

You are searching the first 5 hex digits of a SHA1 hash (1/16^5 == 1/1,048,576 probability of a collision) in a database with ~500,000,000 records.

Edit: I just realized that the server sends all of the possible hashes and the check is done by the client, never mind.
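
The client-side check the edit above describes, as an added example that is not part of the issue or the project's code: only the 5-digit prefix is sent, and the remaining 35 hex digits are compared locally against the returned bucket. The `SUFFIX:COUNT` response format, the `fetch_range` callback and the in-memory server are assumptions constructed for this sketch.

```python
import hashlib

PREFIX_LEN = 5  # hex digits of the SHA-1 sent to the server, per the issue


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def expected_bucket_size(total_records, prefix_len=PREFIX_LEN):
    """Average number of stored hashes that share one prefix."""
    return total_records / 16 ** prefix_len


def parse_range_response(body):
    """Parse an assumed 'SUFFIX:COUNT' line format into {suffix: count}."""
    bucket = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) != 40 - PREFIX_LEN or not count.isdigit():
            continue  # skip blank or malformed lines
        bucket[suffix.upper()] = int(count)
    return bucket


def breach_count(password, fetch_range):
    """Send only the prefix; match the full suffix locally."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def make_fake_server(breached):
    """Constructed stand-in for the range endpoint (no network access)."""
    table = {}
    for pw, count in breached.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, {})[suffix] = count

    def fetch_range(prefix):
        rows = dict(table.get(prefix, {}))
        rows.setdefault("0" * 35, 1)  # decoy: same prefix, different hash
        return "\r\n".join(f"{s}:{c}" for s, c in rows.items())

    return fetch_range
```

With ~500,000,000 records, `expected_bucket_size` gives about 477 hashes per prefix, so a prefix match alone says nothing about a specific password; only the local suffix comparison does.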