How secure is AES-128?

Thilo · May 14, 2013 · Viewed 37.5k times

It seems there are legal issues associated with AES-256 (it is disabled in Java, and Oracle tells me in their UnlimitedJCE Policy that I am "advised to consult" my "export/import control counsel or attorney to determine the exact requirements" before turning it back on, and the page on Wikipedia does not look very friendly either).

It also seems that AES-128 is "fine" (at least the people responsible for putting together the JDK have come to that conclusion).

So can I just use AES-128 and feel happy with my encryption? Is it still safe enough to protect the data for a couple more years from all but the most resourceful attackers?

Answer

SquareRootOfTwentyThree · May 14, 2013

Check this very simple website: http://www.keylength.com.

There you can find the various recommendations made by academic and private organizations across the world. They don't all say the same thing, but they are all in the same ballpark.

For instance, NIST claims that AES-128 is fine at the very least up to 2030.