In addition to Mike's point about symmetric encryption, RSA isn't even the only asymmetric scheme used, and it seems like usage of it is actually declining some, because you can't use it with elliptic curves like you can many other schemes. When people say "asymmetric cryptography is slow," a major reason for that is key sizes. Your question links to a discussion of the security of 256-bit keys, but that discussion is symmetric 256-bit keys; a 256-bit RSA key is extremely weak, and to get the equivalent of 128-bit symmetric keys you need 3072-bit RSA keys; the equivalent of 256-bit symmetric keys is around 15,200 bits of RSA key (these are estimates, but they're fairly standard ones).
With other asymmetric schemes (like Diffie-Hellman and DSA), there's an alternative to working in the integers modulo n
: you can use an elliptic curve, which is believed to give 128-bit security with a 256-bit curve. That means DH and DSA are often used where performance is more important, because ECDH and ECDSA are faster than RSA at the same security level. Furthermore, you often want forward secrecy in communications, which means that if I steal your private key in the future I can't use that to read the messages Mike sent to you. Achieving this involves creating a new keypair for each communication and signing it with your real private key. Creating a strong RSA keypair is time-consuming; creating an EC keypair is cheaper. DH is also more traditional for this sort of key agreement. So, DH or ECDH is typically used for forward secrecy, and in fact that's all TLS offers for that.