So this person's claim to have a TPM+PIN attack might imply they are able to use the same LPE to get a (PIN-encrypted) key from the TPM then they can simply brute force?