If customs really wants your phone or PC, they will take it and contract out cracking it. They can't deny a citizen entry, but they can confiscate devices. If you're really paranoid (or more politely, just security conscious), it's not unreasonable to take precautions. That being said, the number of seizures is exceedingly small, and
new guidelines in 2018 are more restrictive on border searches.
If you use a modern Samsung or Apple device and have device encryption enabled (default on newer iOS/Android versions) with a sufficiently strong passcode and incorrect entry attempts wipe (generally the latter is a default) it's a good start. However, the software is basically validating the PIN (for the Apple devices since iPhone 5S except the iPhone 5C and iPad Air 2 & later, a chip called the secure enclave is in the middle). It's a stronger protection to enter customs with your device off as it ensures the full encryption passcode is not loaded into device memory. Depending on how devices like the GrayKey (
post #8) work it might or might not prevent passcode bruteforcing, but not having the key to decrypt loaded into device memory would increase the attack surface. Going with a dumbphone or wiped smart device could be more secure, and then restore from cloud at arrival.
(The fact that Graykey devices require more time to crack more complex passcodes suggests to me that they have figured out some way to prevent the secure enclave on iPhone/iPad from incrementing the incorrect passcode attempt counter up but the end result is just good old fashioned bruteforcing but whether or not that works if the device is freshly booted/encryption key is not in memory as a result is not public knowledge).
If you're using a Windows PC, Bitlocker with TPM will generally preload the encryption key and just have the password screen. For additional protection, you can use group policy to restrict the TPM from loading the relevant key for encryption to device memory until a valid username/password for the system is entered (general partition for system is encrypted, small partition for logon screen is not, TPM throttles logon/bruteforcing attempts). Encryption that skips the TPM and just relies on an encryption key being correctly entered at startup may be more secure (in theory, assuming the key is strong enough).
As a US citizen, upon request from CBP I would personally refuse to decrypt personal devices and would offer CBP to contact my employer on authorization to decrypt any corporate devices (by putting the decision on my employer, the liability for the consequences of choosing to comply or not with the request falls on them.)
Never been asked personally though...