I built a system that checksums content in S3 using SHA-512 but keeping only the first 256 bits because that is enough bits and that protects against length extension attacks for certain uses. The disadvantage relative to what they are doing is you need to download the whole file and compute the checksum to validate that the file wasn't garbled during the upload process.