All encryption can be brute forced, the point of having a large key size is to make the compute effort needed to brute force the key impractical.
“Impractical” for an individual, even one that has several very powerful computers (by DIY standards) is a much lower bar than impractical for a government, that might use huge supercomputing clusters or hardware designed specifically for brute forcing encryption.
Note that the recommended key size to protect from “individual” tier hackers has increased over the years as the power of the average personal computer has increased.
All encryption can be brute forced, the point of having a large key size is to make the compute effort needed to brute force the key impractical.
“Impractical” for an individual, even one that has several very powerful computers (by DIY standards) is a much lower bar than impractical for a government, that might use huge supercomputing clusters or hardware designed specifically for brute forcing encryption.
Note that the recommended key size to protect from “individual” tier hackers has increased over the years as the power of the average personal computer has increased.