In addition to what DCKing said, you can effectively rate-limit password attempts on encrypted data by deriving the key using a cryptographic hashing function such as bcrypt with a high amount of iterations.