The reason we use 128-bit encryption instead of 256-bit is because the chance of a successful brute force attack on AES 256 is effectively zero and the chance of a successful brute force attack on AES 128 is also effectively zero. But AES 128 is faster so that's why we, and the following giants of the web, all use 128-bit encryption:
 
 Apple
 Google
 Youtube
 Amazon
 Twitter
 
If you’re using Chrome when you’re on any of the sites above, you can see your 128-bit connection to the site by clicking on the padlock in the address bar > Connection tab > "The connection is encrypted and authenticated using …”.


As further evidence, Bruce Schneier said ”And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future." He is an internationally renowned security technologist, called a "security guru" by The Economist. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press.
 
There’s even more at:
 https://www.quora.com/Why-do-large-sites-like-Google-Amazon-use-128-bit-SSL-encryption-rather-than-256-bit
 https://www.quora.com/In-terms-of-security-how-does-128-bit-RC4-compare-with-AES-256
 
 Hope that helps! :)

Did this answer your question?