RESEARCH: Strong Key Derivation Function - glenw921/TripleCrypt GitHub Wiki

Mitigations Against Brute-Force Attacks:

Strong Key Derivation Function (KDF): If passwords are used to generate encryption keys, a strong KDF such as PBKDF2, scrypt, or Argon2 should be used. These algorithms make brute-force attacks extremely difficult by introducing computational cost (i.e., making each password guess require significant CPU or memory resources).

Higher Iterations: Increase the number of iterations in the KDF to slow down each password guess. This forces attackers to spend much more time for each attempt. Example: If PBKDF2 with 100,000 iterations or Argon2 is used, it would take significantly more time to brute-force even a moderately strong password.

QUESTION: (1) How exactly do these work to "slow down each password guess" and make a brute force attack more expensive?