Second reply: I saw that you work in applied cryptography and blockchain technology @ Cryptography Services (NCC Group) so you might be familiar with somewhat Grey Hat russian forum InsidePro; back in the day I saw people there requesting Bitcoin private key recovery for their lost private keys or if they encrypted and/or hashed wallet private keys and couldn't recover plaintext anymore and I can say that amateur crackers could recover private keys pretty efficiently and I can only wonder what professional law enforcement agency can do.
If FBI could crack smartphone encryption/protection from multi trillion dollar company I'm speaking about Apple and that terrorist's Iphone then they do pretty much anything.
> amateur crackers could recover private keys pretty efficiently
That's only if the key was derived from a weak password, which allows it to be brute-forced with standard password scanning techniques. If you're even slightly concerned with security you let a computer generate a fully random key using the proper amount of entropy—preferable on an air-gapped system or an HSM (hardware wallet). No one is going to be "recovering" private keys which were generated and handled securely without a very large budget and physical access to the storage medium.
If FBI could crack smartphone encryption/protection from multi trillion dollar company I'm speaking about Apple and that terrorist's Iphone then they do pretty much anything.