SHA-256 broken, collisions found... Bitcoin then?

[runeks]

as long as SHA-3 ASICs don't exist and SHA-256 ASICs do, no one will use SHA-3. So there would be a softer transition from SHA-256 to SHA-3,

There would be no difference between this and simply making a cut off point at some point down the road, IMO, as you say yourself no one will use SHA3. It is pointless and adds unnecessary complexity.

I do think there would be a difference. Developing SHA-3 ASICs and targeting the release date to exactly when the cut off point occurs is pretty damn difficult. If people were told that SHA-3 can now be used, businesses would slowly start developing SHA-3 ASICs, and they would be able to put them to use as soon as they finish development.

[Etlase2]

Ah that's true, my bad.

[Kazimir]

If the transition is made to another hashing algorithm, such as Sha3, I hope (for reasons discussed here) it will be Sha3(Sha3(x)+x) i.e. 'nested' double hashing, rather than just Sha3(Sha3(x)). Or perhaps Sha3(Sha256(x)+x).

[kalleguld]

Couldn't find this in the thread.