Cryptographic Key Sizes

With a secret state of 128 bits or more, you can't brute force it before the sun burns out.

This a very good explaination of why 256 bits is enough against a brute force attack. The goal of breaking cryptographic systems is of course not brute force, but to reduce the actual key space you have to search. This is frequently measured in how many redundant bits you can shave off. So for AES, we might find in the future that 256 bits isn't enough after all.

btw what's wrong with 512-bit keys?

There are 340282366920938463463374607431768211456 possible 128-bit keys. So if you had a machine that could check a trillion possible keys per second it would take over 10 quintillion years to try all possible 128-bit keys.

"A device that could check a billion billion (1018) AES keys per second would in theory require about 3×1051 years to exhaust the 256-bit key space." - wikipedia

I was under the impression that even a 128 bit keyspace is prohibitively hard to crack using modern hardware, and that 256 bit would take more computational resources than we can reasonably expect to have available to us for the rest of time. Isn't 1024 bit a bit overkill?

Crypto is only finitely strong (even if very large).

1024 bit keys are endangered? Only in some broken encryption schemes. You can't even break 256 bits, as the number of possibilities exceeds the number of atoms in the universe.

64 bits isn't enough to provide brute force protection, you need at least 80 bits, preferably 128 bits, and 256 bits if you're paranoid.

It doesn't work like that. If you use this to create, say, a cryptographic key, you can break it if you can bruteforce an 80-bit key; depending on the specific application, you may need much less (e.g. if you can perform a birthday attack, you only need 2^40 tries).