shouldn't a longer output translate directly to more work? Are you suggesting that there is a better-than-brute-force attack against SHA-512?

I wasn't sure, but as I recalled, SHA-512 is useful when you need 512 bits of information, but for something other than security reasons. It'd be no more secure than if you had taken the orginal data, hashed it, flipped a bit in the hash, hashed that, and the concatonted the two hashes together into a value twice the size of orginal hash. It's bigger, but you could still cryptoanaylize the hash with as much work as it would take to get the orginal hash size.

However, a lot of other things I've read seem to contrict what I thought I knew; SHA-512 might really be that much more secure, at least as far as brute-forcing goes.