The rate limiting is the security element's speed (separate from the "too many tries" timeout and the "wipe after 10 tries" thing). Unless the security element itself has a backdoor, even Apple can't go faster than 12 tries per second. It is still about 20 minutes.
But a longer pass phrase (admittedly a ux problem) helps. Plus, rumors of biometrics, which may or may not be implemented in a smart way. A biometric which allows a 4 digit pin, or if it fails, a 16 char alphanumeric, would be proper.
But a longer pass phrase (admittedly a ux problem) helps. Plus, rumors of biometrics, which may or may not be implemented in a smart way. A biometric which allows a 4 digit pin, or if it fails, a 16 char alphanumeric, would be proper.