OK, if you were in control of the hashing algorithm used by Bitcoin, which one would you use and why?
An algo designed by Bitcoin Engineering Task Force specifically for bitcoin. Then and only then bitcoin has a chance to be safe. Bitcoin should not use hashing algo because it is recommended by NIST or NSA or whatever. On the contrary, other organizations should use whatever bitcoin network uses because if it is broken bitcoin will act as honey-pot and will inevitably expose the weakness!The "Bitcoin Engineering Task Force" (aka Satoshi) already decided that SHA-256d is the best hash algorithm for Bitcoin.
SHA-256 is very strong. It's not like the incremental step from MD5 to SHA1. It can last several decades unless there's some massive breakthrough attack.
Designing strong crypto is really really hard. Of the 56 algorithms in the SHA-3 competition (submitted by world-class cryptographers), some sort of potential weakness was found in ~33 of them. It's best to settle on a few algorithms that the academic community can scrutinize carefully for many years, as they've been doing with SHA-2. Even rather paranoid cryptographers like Bruce Schneier aren't really concerned about SHA-2. No one has any serious ideas on how you would even start to attack it. The similar but far-less-secure SHA-1 isn't even considered to be absolutely broken yet -- there aren't yet any examples of SHA-1 collisions, for example.