>>3100460 (PB)
In most cases, there is no need for "forever" encryption. It only has to outlast the lesser of a statute of limitations or the lifetime of the person encoding the message.
Probably the best protection is to use the best encryption available as often as possible ... and for bajillions of others to do the same ... because first the adversary has to determine which messages to attack. When the adversary cannot decrypt all messages because of computational expense but CAN decrypt selected messages, the best way to hide that needle in the haystack is inside a VERY big haystack. Especially if the adversary isn't even positive that the needle actually exists. That's where universal encryption comes in.
Note: the fastest way to break modern encryption where voluntary decryption is not available is with physical torture.
In matters which need to remain hidden for a prolonged period of time BUT be available at some future date to specific entities, it stands to reason that some variation of multiple pass encryption using different keys for each pass and / or changing algorithms for specific characters (using some sort of randomization to decide which characters) might prevent even a true decryption from looking like the decryption was successful.
This may not be available in COTS software, but would be well within the bounds of a script in Linux using just bash commands.