
You don’t need to merely tend towards. You just can’t brute force a random 20-character password of the type that he mentioned. Brute force is almost never used, even with half of the entropy of such a password.

His password was intercepted, or was embarrassingly deterministic.




I didn't see anyone mention a random 20-character password. I saw a 20-character password with symbols and upper and lower case. That might be 4 words strung together "correct horse battery staple" style.


Or something like, notebook still had the keys in memory when it was recovered.

Though from this description it looks like they read the disk (trivial) but it's not sure if they actually pulled anything from it (at least it seems they didn't pull anything incriminating if I read it correctly).


A stronger KDF would plausibly have protected him even if his password was embarrassingly deterministic.


Maybe. But probably not.

If they were using a crib sheet to the point of only trying 1m attempts, this can be done in “days” with one CPU even if PBKDF2 is set to take one second each attempt on that CPU.

A “better” KDF isn’t fundamentally going to change this. It’s just going to enforce stricter limits on any time-memory trade-offs and require more memory. Neither of these are going to be meaningful differences when you’re cracking a single password for a single user with a crib sheet, unless you’re in the realm of billions or more guesses.
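
The cost figures argued over in this thread, worked through as an added example (not written by any commenter): it times one PBKDF2 derivation locally and then compares how long different candidate-space sizes take to exhaust at one second per guess. The 94-symbol alphabet, the 7776-word list and the 200,000 iteration count are assumptions chosen for illustration.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def seconds_to_exhaust(guesses, seconds_per_guess, workers=1):
    """Worst-case wall time to try every candidate, one KDF run per guess."""
    return guesses * seconds_per_guess / workers

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

def measure_pbkdf2(iterations, rounds=3):
    """Best-of-N wall time for one PBKDF2-HMAC-SHA256 derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

# Candidate-space sizes. Only the first figure comes from the thread; the
# rest are assumed models of the password styles the commenters describe.
SCENARIOS = {
    "crib sheet, 1m guesses (from the thread)": 10**6,
    "crib sheet, 1 billion guesses": 10**9,
    "4 random words from a 7776-word list": 7776**4,
    "20 random printable-ASCII characters": 94**20,
}

def report(seconds_per_guess, workers=1):
    """Map each scenario to the time needed to exhaust it."""
    return {name: humanize(seconds_to_exhaust(n, seconds_per_guess, workers))
            for name, n in SCENARIOS.items()}

if __name__ == "__main__":
    cost = measure_pbkdf2(200_000)  # arbitrary sample iteration count
    print(f"measured PBKDF2 cost here: {cost:.3f} s per derivation")
    for name, duration in report(1.0).items():  # 1 s per guess, as in the thread
        print(f"{name:45s} {duration}")
```

The per-guess cost is the only place the choice of KDF enters the calculation, so at equal cost the totals depend on the size of the candidate list alone.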



