A competition is on to find a replacement for a computer security algorithm used in almost all secure online transactions, U.S. officials said.

The U.S. National Institute of Standards and Technology in Gaithersburg, Md., will pit the five finalists for the code to become Secure Hash Algorithm-3, or SHA-3, against cryptanalysts who will do their best to crack them, NewScientist.com reported Monday.

After an international community of cryptanalysts test and analyze the algorithms for weaknesses, one will be selected as the winner in 2012.

The need for the competition dates to 2004 and 2005 when Chinese cryptanalyst Xiaoyun Wang shocked security experts by revealing flaws in the current algorithm SHA-1, the gold-standard relied upon for almost all online banking transactions, digital signatures, and the secure storage of some passwords for e-mail accounts and other online activities.

A less-widely used SHA-2 algorithm is similar and shares the same vulnerabilities.

Hash algorithms scramble computer files into a fixed-length string of bits called a hash.

Under SHA-1, it was thought the only way to unscramble a hash would require millions of years' worth of computing power, but Wang found a shortcut, raising the possibility that online transactions could someday be rendered insecure.

NIST launched the competition to find a replacement in 2007.

NIST received 64 entries, pruned to a list of 14 that warranted further consideration, and then on Dec. 9 NIST announced it had settled on just five finalists.

"We picked five finalists that seemed to have the best combination of confidence in the security of the algorithm and their performance on a wide range of platforms" such as desktop computers and servers, William Burr of NIST said.

The competition is a big deal for cryptographers and cryptanalysts alike, Burr said.

"These are incredibly competitive people. They just love this," Burr said of the cryptanalysts who will test the new algorithms. "It's almost too much fun. For us, it's a lot of work."