]7-Zip uses iterated SHA-256 as its key derivation function. This is weak against hardware brute force attacks. If your password really is 18 randomish characters, you should be fine. If it's one English word with a few digits before or after it, you are theoretically vulnerable to that kind of attack.
Are you sure? The version I have (Ver 9.20) says AES-256. And yes, 18 random chars.
An attack would be on the weakest link which is the key derivation, not the encryption.
http://www.7-zip.org/7z.html says:
"This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password."
18 random characters is secure for the foreseeable future.