The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.