Thank you for that. Right now I'm running stock Samsung rom on my Note 3 (thought I'd wait for cyanogen to mix it up with 5.0 before flashing). But at least then there is another option than what I do now, basically a compromise that combines the worst of both worlds: a password/phrase that is too long to be convenient to type in to unlock, and probably too weak to offer real security, assuming the encryption key is generated via a straightforward derivation (not sure if there is any decent stretching involved?).

Either way, for a device like a phone, I'm pretty sure TPM is the way to go. Alternatively a strong pass-phrase to unlock/boot, and a hard limit on attempts to unlock the lock screen before the device turns itself off (or at least "guarantees" that the disk is unmounted and the key wiped from ram...).