[blakdawg]

This is basically true, but a little overstated.

In particular, it's helpful to make a distinction between brute-forcing a cipher, and brute-forcing a particular file. If I GPG-encrypt my plaintext with a weak RSA key, or a weak passphrase with conventional encryption, that particular ciphertext may be revealed through a brute force attack; the attack wasn't on the cipher, it was on my key.

Also, the fact that it's impossible/infeasible to exhaustively search the keyspace doesn't mean that the key won't be found - 50% of the time it'll be found in the first half of the keyspace that's searched (assuming a linear search), 1% of the time it'll be found in the first 1% of the keyspace that's searched, and so forth. Success via brute force isn't at all likely, but it's not impossible, even though an exhaustive search is practically impossible.