I personally wonder about the difficulty of discovering someone's private key in their wallet.dat by brute force attack. I think this would require 2²⁵⁶ hashes to guarantee finding the private key with an average crack time of 2²⁵⁵ hashes. Can anybody familiar with cryptography answer that question and/or elaborate?

If that is true, and we assume that in 2011 a very wealthy attacker can bring 1 THash/second to bear on the problem, and the attacker works constantly on the problem starting now, purchasing new hardware which keeps up with Moore's law over the following years (processing power doubling every two years), his descendants will steal your private key and all your descendants bitcoins somewhere around 2390 (unless they get unbelievably lucky before then). A hundred years later in 2490, anyone with the equivalent of a PC will be able to crack a wallet.dat private key in about a second. Can anyone check my math on that?

If that is true, then bitcoins won't ever truly be "lost" because in a few hundred years, they will turn up again when in becomes feasible to crack a wallet.dat private key. Hopefully whoever manages to dig up those lost coins will be able to exchange them into whatever the equivalent form of bitcoins is at that time (with much stronger cryptography).