I might (probably?) be talking nonsense here, but recall reading some years ago that AES 256 is more good because more bits, but has not been mathematically proven that it's more secure than 128
Here’s the math on that:
How many combinations needed to decode AES-256 key? I am not very good in cryptography but I think its something like Combination 256 of 16. Its not too much. IF use all worlds computing power what
stackoverflow.com
And from the earlier linked Reddit thread/post
AES-256-XTS XTS-AES-128 is effectively two, 128 bit keys. The strength of the keys would still only be 128 bit, it's just you have two 128 bit keys blocks.
Even a 128-bit block is 3.40282367e38 (2^128) permutations.
I think that’s enough.
On the other hand, if we keep the (decryption) system intact and focus on the (plaintext) password, there are likely a lot less possibilities as password inputs aren’t (normally) required to be 128-bit (i.e., typically 16 characters) or 256-bit (i.e., typically 32 characters). Although, most system developers/designers require a minimum and sometimes don’t allow repeating numbers or characters. So, now let’s assume a password is required to have a minimum of three characters and it uses the ASCII char set (128 characters):
A three character input would be 2,097,152 (128^3) permutations.
A 16 character input would be 5.19229686e33 (128^16) permutations.
— By the way, selecting 16 characters in the 1Password generator fills the password difficulty bar/meter/gauge.
A 32 character input would be 2.69599467e67 (128^32) permutations.
In English we use the word combination loosely, without thinking if the order of things is important. In other words:
www.mathsisfun.com
Basically, if you have a lengthy password or passphrase, the amount of permutations becomes just as significant.
But as quoted snippet said, 128 is more than sufficient for anyone that is not on "anyone with the technology to hack" radar.
Could Apple eventually step up to XTS-AES-256? Absolutely. However, it’s likely far more advantageous — at least in the foreseeable future — to focus on maintaining other gatekeeping methods, such as limiting or slowing input attempts (i.e., hindering brute force efficiency).