Bitcoin stores its addresses as a combined SHA256 + RIPE-MD160 hash. Is it correct to assume this is done to prevent a failure in the algorithm?
Since SHA3 was designed to be an alternative to SHA256, and uses a completely different methodology, would a SHA3(SHA2) or similar construction provide more security than RIPE-MD160(SHA2)?
What performance, security, and other tradeoffs are worth considering?
Are the SHAKE parameters of Keccak sufficient, or should I use non SHAKE parameters?
When using SHA256 + RIPEMD-160, you are not only accumulating two different algorithm, but you are also varying your algorithm vendors, since SHA256 comes from US NSA/NIST and RIPEMD-160 comes from the european academic community.
While it is true that SHA-3 has not been directly designed by NSA, it went as a winner from NIST competition, and NSA is more or less involved in NIST, may it be for the good or the worse. So, if you combine SHA256 + SHA-3, the two algorithm may be linked to the NSA and at least to NIST, so this may be seen as a potential weakness you can avoid by combining two algorithm with no link between them.
