Apple claims that the KDF uses salt fabricated into secure conclave in the CPU. You cannot realistically bruteforce password outside the device since you don't know high-entropy salt. So you have to type in pin code by hand and have your phone erased after N times.