Nobody tries to "guess" a private key. Brute-forcing private keys is, for all intents and purposes, infeasible. 256-bit is a large number (likely a quadrillion to the quadrillionth times larger than you "think" it is).
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

Unless you are worried about attackers building computers from something other than matter and existing in something other than space, the attack vector isn't to "guess" your private key/seed, it is to
GAIN ACCESS to your private key/seed....
Thanks for your detailed response.
Electrum seeds are 128-bit (http://electrum.org/seed.html), which makes them easier to brute-force. If one is successfully brute-forced, this surely yields a larger 'reward' for the attacker than just brute-forcing private keys directly, as it allows the attacker to reconstruct all private keys in the seeded deterministic wallet.
Assuming I'm correct here, why was the decision made to make the seed for an algorithm that generates multiple private keys only 128-bit, while the private keys themselves are 256-bit?
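The two points raised in this exchange, that a deterministic wallet's security is bounded by its seed entropy rather than by the length of the derived keys, and that brute force against either size runs into a thermodynamic floor, can be checked numerically. The following is an added example written for this thread, not code from any poster or from Electrum. It uses a toy derivation (SHA-256 of seed plus index) in place of Electrum's real scheme, enumerates a deliberately tiny seed space to show that derived 256-bit keys can never number more than 2^(seed bits), and applies the Landauer limit (k·T·ln 2 per bit change, at an assumed 3.2 K) to compare the minimum energy needed to count through 2^128 versus 2^256 states.

```python
import hashlib
import math

# Boltzmann constant in joules per kelvin (exact SI value).
BOLTZMANN_J_PER_K = 1.380649e-23


def derive_key(seed: bytes, index: int) -> bytes:
    """Toy deterministic key derivation: SHA-256(seed || index).

    This stands in for a real wallet derivation function (assumption for the
    example, not Electrum's algorithm). What matters is that it is a pure
    function of the seed: it cannot add entropy the seed did not have.
    """
    return hashlib.sha256(seed + index.to_bytes(4, "big")).digest()


def count_distinct_keys(seed_bits: int, index: int = 0) -> int:
    """Enumerate every seed of `seed_bits` bits and count distinct derived keys.

    Only meaningful for tiny seed sizes; the result is at most 2**seed_bits
    even though each derived key is a full 256-bit value.
    """
    seed_len = (seed_bits + 7) // 8
    seeds = (i.to_bytes(seed_len, "big") for i in range(1 << seed_bits))
    return len({derive_key(s, index) for s in seeds})


def effective_security_bits(seed_bits: int, key_bits: int) -> int:
    """An attacker searches whichever space is smaller: the seed or the key."""
    return min(seed_bits, key_bits)


def brute_force_work_ratio(key_bits: int, seed_bits: int) -> int:
    """How many times cheaper exhausting the seed space is than the key space."""
    return 2 ** (key_bits - seed_bits)


def landauer_energy_joules(bits: int, temperature_k: float = 3.2) -> float:
    """Minimum energy to cycle a counter through 2**bits states.

    Landauer's principle: each irreversible bit change costs at least
    k*T*ln(2) joules. 3.2 K is an assumed operating temperature (roughly the
    cosmic microwave background), the coldest environment one gets for free.
    """
    return (2 ** bits) * BOLTZMANN_J_PER_K * temperature_k * math.log(2)


if __name__ == "__main__":
    # A 10-bit seed space produces exactly 1024 distinct 256-bit keys, no more.
    print("distinct keys from 10-bit seeds:", count_distinct_keys(10))
    print("effective bits (128-bit seed, 256-bit key):",
          effective_security_bits(128, 256))
    print("seed search is 2^%d times cheaper than key search"
          % (256 - 128))
    for n in (128, 256):
        print("Landauer floor for 2^%d states: %.3e J" % (n, landauer_energy_joules(n)))
```

Exhausting a 128-bit seed space therefore costs 2^128 times less than exhausting the 256-bit key space, which is the asymmetry the question above is getting at; at the same time, the Landauer floor for 2^128 states is on the order of 10^16 joules before any real hardware inefficiency is counted, which is why the first reply treats both sizes as infeasible to guess and points at key theft instead.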