But knowing the UUID, for a person known to have a four-character passcode, couldn't they just brute force the 223^4 possible combinations of that with the UUID, hash, and find the one that matches? 223^4 is 2.47x10^6, so that's still a lot, but not past the death of the universe or anything.
Nope, the key will be 132 characters, of which any of the characters can be any of 223 possible characters... The four digits can appear anywhere in the 132 characters. As I understand things, they do not know this UUID... or where the four passcode characters were entangled in this UUID, or how... and the UUID and the entangled passcode are only the basis for creating the key, not the key itself.
There is an algorithm that actually creates the key. All of this occurs inside the A9 processor and is never allowed outside of the processor. Hashes of all of this are kept in the Secure Enclave portion of the processor, which is not accessible from outside the processor.