satoshi could have gone for SHA-1 or MD5 or either SHA-0, but since bitcoin is a security critical software which depends on money, using SHA-256 is better while comparing the other 2 which have been broken already. SHA256 is very strong and safer as far as security of bitcoin is concerned. They can never be broken even if the computers present today become as faster as a quantum computer. 2
256is a very vast number which can not easily be computed and there would never be any collision. SHA-256 has a long way to go and will surely serve for some decades and hence this was the reason SHA256 was chosen over others.
We don't need to ask him, he has answered regarding this back in 2010.
See satoshi's quote
SHA-256 is very strong. It's not like the incremental step from MD5 to SHA1. It can last several decades unless there's some massive breakthrough attack.
If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.
If the hash breakdown came gradually, we could transition to a new hash in an orderly way. The software would be programmed to start using a new hash after a certain block number. Everyone would have to upgrade by that time. The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.