The short answer to your question is yes, 128 bits suffices.
The medium answer is that it’s really about your password. If you have a weak password you’re not using the full strength of the algorithm, and then it does not matter if it’s 128 or 256 or whatever. So, you need a really strong password. The problem here is that it’s actually quite hard to type and remember a password that is equivalent to 128 bits, not to mention 256.
If you use our password generator the strong password is approximately equivalent to 95 bits, and the short about 30 bits, so you can take a long and add a short, and you’ll get full strength.
In my personal opinion, the long password is sufficient for all reasonable and most unreasonable attacks. A government might possibly crack such a password with time and some luck (there’s some strengthening added too, so it’s really about 105–110 bits), but only at great expense if at all. Personally I doubt it. A real 128-bit equivalent is currently out of reach for anyone, including governments.
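
The bit arithmetic behind this answer, as an added example that is not part of the original answer or of the product's own code. It assumes a uniformly random password over a 62-character alphabet and a constructed stretching count of 2^12 iterations; neither figure comes from the page.

```python
import math
import secrets
import string

# Assumed alphabet (62 symbols); the page does not say what its generator uses.
ALPHABET = string.ascii_letters + string.digits

def generate_password(length, alphabet=ALPHABET):
    """Pick every character uniformly at random from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def min_length(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def stretching_bits(iterations):
    """N rounds of key stretching make each guess N times dearer: log2(N) bits."""
    return math.log2(iterations)

def effective_bits(password_bits, iterations, key_bits):
    """An attacker takes the cheaper route: guess the password or the raw key."""
    return min(password_bits + stretching_bits(iterations), key_bits)

if __name__ == "__main__":
    iterations = 2 ** 12  # constructed value, for illustration only
    print("sample 16-char password:", generate_password(16))
    print("entropy of 16 chars: %.1f bits" % entropy_bits(16))
    print("length needed for 128 bits:", min_length(128))
    # 95 = the page's long password, 125 = long plus short (95 + 30)
    for pw_bits in (30, 95, 125):
        for key_bits in (128, 256):
            eff = effective_bits(pw_bits, iterations, key_bits)
            print("password %3d bits, key %3d bits -> effective %.0f bits"
                  % (pw_bits, key_bits, eff))
```

With a 95-bit password the result is the same for a 128-bit and a 256-bit key, because the password is the cheaper thing to attack; the key size only becomes the limit once the password plus stretching exceeds it.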