88

The cipher AES-256 is used among other places in SSL/TLS across the Internet. It's considered among the top ciphers.

In theory it's not crackable since the combinations of keys are massive.

Although NSA has categorized this in Suite B, they have also recommended using higher than 128-bit keys for encryption.

So how secure is this cipher really? Should you assume the world's top cracker-institutions are near or have cracked it already?

mikeazo
Gustav

5 Answers

59

I wouldn't assume that the NSA has cracked AES ciphers. I would assume that most crypto systems that use AES have implementation flaws that the NSA exploits when they feel it is worth it.

In any case, when the only possible way a state can know something is by breaking a cipher, it's difficult for them to use that information; doing so would reveal that the cipher is broken. So in practice, a broken cipher is more likely to be used as a shortcut to find something that could be discovered (albeit with more difficulty) by other methods.


You might be interested in this recent story and commentary about the NSA's cryptanalytic capabilities.

CodesInChaos
erickson
37

An interesting thing about some modern standardized ciphers, like AES, is that the government is "eating its own dogfood" by using them internally. (AES 192 and 256 are approved for top-secret data.) Back in the day (up through the 90s), U.S. government internal encryption standards were not closely aligned with public sector cryptography, and we largely had to speculate as to whether public crypto could hold up to the government standards; the NSA had a history of knowing more crypto than they let on. But now that they are willing to stake their own security on them, that seems like a decent endorsement of those algorithms.

The U.S. government has conflicting goals: they want to be able to break crypto, but at the same time, in the interest of protecting the citizen in the digital age, they want us to be protected against the crypto attacks of others. So much of our modern economy relies on crypto that we want a high security margin on it. Since the 90s, crypto knowledge in the public and foreign intelligence domains has skyrocketed, and a vulnerability that the NSA can exploit is possibly a vulnerability that someone else can exploit. So at the drafting of AES, we doubt that they were focused on choosing a candidate that could be broken and kind of suspect they wanted a candidate that could not be.

Since you only break crypto when you don't have the key, to compromise those two goals they could just allow us mathematically secure crypto, then focus on getting the keys instead. If they can recover keys, they don't care how strong our crypto is. Attacking the endpoints that generate the keys is not always as hard as it seems (consider how many user and corporate machines get infected with malware, and think about what sort of key-related backdoors could be planted in popular software), and a simple subpoena might get keys in some situations. As more user data moves toward the cloud, backdoors in public services (voluntarily provided or not) are going to make the job of key recovery even easier.

Summary of these two points:

  • The federal government is allowed to use AES for top-secret information.

  • We don't know that they would actually want AES to be mathematically breakable, so at the AES competition 11 years ago it is possible they would have avoided any algorithm they thought they could break in the near future.

None of that is proof, but we tend to assume that the NSA can't break AES.

B-Con
8

According to a top-secret document released by WikiLeaks, titled "Network Operations Division Cryptographic Requirements", AES256 is included under the section "The Long-lived Suite for Network Communication", which further states:

Confidentiality must be provided by AES with a minimum key size of 256 bits. The cipher must be operated in Galois/Counter Mode (GCM), Counter Mode (CTR), or Cipher Block Chaining Mode (CBC).

Gustav
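As an added example (not from the quoted document or from any answer on this page), the following Go program shows what that requirement looks like when enforced in code: it refuses any key shorter than 256 bits, uses AES in GCM (one of the three listed modes) from the standard library, and demonstrates that a single flipped bit in the sealed message is detected on decryption. The function names, the sample message and the header are my own constructions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// MinKeyBytes encodes the quoted requirement: AES with a minimum key size of 256 bits.
const MinKeyBytes = 32

var ErrKeyTooShort = errors.New("AES key shorter than 256 bits is not permitted")

// NewAEAD returns AES-GCM (one of the three listed modes) and rejects keys below 256 bits.
// aes.NewCipher itself additionally rejects any length that is not 16, 24 or 32 bytes.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) < MinKeyBytes {
		return nil, ErrKeyTooShort
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a fresh random nonce and returns nonce || ciphertext || tag.
// aad is authenticated but not encrypted (for example a header the receiver must also present).
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := NewAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice, so the nonce travels with the message.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any change to nonce, ciphertext, tag or aad makes the tag check fail.
func Open(key, sealed, aad []byte) ([]byte, error) {
	aead, err := NewAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], aad)
}

func main() {
	key := make([]byte, MinKeyBytes) // constructed sample key; a real system loads it from a keystore or KMS
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed sample input
	hdr := []byte("constructed header")         // constructed sample header (aad)

	sealed, err := Seal(key, msg, hdr)
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, sealed, hdr)
	fmt.Printf("round trip ok: %t\n", err == nil && string(pt) == string(msg))

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = Open(key, sealed, hdr)
	fmt.Printf("tampered message rejected: %t\n", err != nil)

	_, err = Seal(make([]byte, 16), msg, hdr) // a 128-bit key violates the quoted requirement
	fmt.Printf("128-bit key rejected: %t\n", errors.Is(err, ErrKeyTooShort))
}
```

GCM is chosen here over CTR or CBC because it authenticates the ciphertext as well as encrypting it; with plain CTR or CBC an application would need a separate MAC to get the same tamper detection. The nonce is never reused with the same key, which is the one operational condition GCM depends on.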
-3

AES and RSA (based on prime factorization) are not information-theoretically (unconditionally) secure, because they simply do not have a mathematical proof of being secure. Still today there is no proof that prime factorization is definitively a difficult or simple problem (P=NP? one of the biggest mysteries of math).

So in everyday practice they appear to be unbreakable because no one has yet found a method to break them, but maybe someone knows one and keeps it secret (prime factor solving).

And the fact that the NSA recommends using AES gives me some doubts…

  • Do they recommend this because they know how to break it?
  • Why did the communication line (the famous red telephone) between the president of the USA and Russia use OTP encryption and not AES?

UPDATE 11-11-2014:

  • What about the latest news of the NSA spying on other governments (how did they do this?)
albanx
-9

We know, from Edward Snowden, that the NSA does routinely monitor all traffic and can decrypt all standard encryption, such as SSL. So it is likely that they have methods to break AES.

So, if you are concerned about industrial espionage, AES is unlikely to be your algorithm of choice - this is not just because of NSA or GCHQ spying, any third party (retired spook, for example) who has the know-how can also decrypt most things. In fact there are companies for hire that will decrypt pretty much anything for you, using intelligence from the likes of the NSA or GCHQ.

The only known secure algorithm is the one-time pad.

Peter Brooks
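Two answers above bring up the one-time pad (the "red telephone" question and the claim that it is the only known secure algorithm). As an added example, written for this page and not taken from either answer, the following Go program shows the conditions under which that statement holds: the pad must be truly random, exactly as long as the message, and used once. It also shows, with two constructed messages, why the "once" matters: if the same pad protects two messages, XORing the two ciphertexts cancels the pad and leaves the XOR of the plaintexts, which is the usual reason a pad-based system is far harder to operate than AES. The function names and sample messages are my own.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

var ErrKeyLength = errors.New("one-time pad key must be exactly as long as the message")

// NewPad draws a fresh pad of n bytes from the operating system's CSPRNG.
// A pad derived from a password or a short seed would not give perfect secrecy.
func NewPad(n int) ([]byte, error) {
	key := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// OTPEncrypt XORs msg with key. Decryption is the same operation with the same pad.
// The length check enforces the "as long as the message" condition; the caller is
// responsible for the "used once" condition, which code cannot enforce on its own.
func OTPEncrypt(key, msg []byte) ([]byte, error) {
	if len(key) != len(msg) {
		return nil, ErrKeyLength
	}
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ key[i]
	}
	return out, nil
}

// ReuseLeak shows what an observer can compute when one pad is used twice:
// with c1 = m1 ^ k and c2 = m2 ^ k, c1 ^ c2 = m1 ^ m2, and the pad has dropped out entirely.
func ReuseLeak(c1, c2 []byte) ([]byte, error) {
	return OTPEncrypt(c1, c2) // same XOR; reusing the function is deliberate
}

func main() {
	m1 := []byte("meet at noon") // constructed sample messages of equal length
	m2 := []byte("call me back")

	pad, err := NewPad(len(m1))
	if err != nil {
		panic(err)
	}
	c1, _ := OTPEncrypt(pad, m1)
	back, _ := OTPEncrypt(pad, c1)
	fmt.Printf("round trip ok: %t\n", string(back) == string(m1))

	// Correct use: a second, independent pad for the second message.
	pad2, _ := NewPad(len(m2))
	c2ok, _ := OTPEncrypt(pad2, m2)
	leakOK, _ := ReuseLeak(c1, c2ok)
	fmt.Printf("independent pads: c1^c2 is just random bytes: %x\n", leakOK)

	// Misuse: the same pad for both messages. The XOR of the ciphertexts is the XOR of the plaintexts.
	c2bad, _ := OTPEncrypt(pad, m2)
	leak, _ := ReuseLeak(c1, c2bad)
	want, _ := OTPEncrypt(m1, m2)
	fmt.Printf("pad reused: c1^c2 == m1^m2: %t\n", string(leak) == string(want))

	_, err = OTPEncrypt(pad[:4], m1) // a pad shorter than the message is refused
	fmt.Printf("short pad rejected: %t\n", errors.Is(err, ErrKeyLength))
}
```

The practical point for the comparison with AES: the pad must be generated, distributed and stored at the same size as all the traffic it will ever protect, and destroyed after use. That is feasible for one hotline and infeasible for SSL/TLS across the Internet, which is why the answers above treat AES-256 as the working standard and the one-time pad as the theoretical benchmark.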