Two principles here:
1. If your password is very very good (a Diceware password would suffice), then any method of storing passwords that is better than storing them in plaintext will stop someone from brute forcing it.
2. If your password is very bad, then even an excellent password hashing algorithm will not save you.
"Just use bcrypt" is meant to save people who are in the middle.
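An added example, not part of the original comment: it turns the two principles into numbers and computes the entropy band in which a slow hash changes the outcome. The guess rates, the one-year attacker budget, the six-word Diceware length and the sample entropy values are all assumptions chosen for illustration.

```python
import math

# Assumed attacker guess rates (guesses/second). Illustrative figures, not
# measurements: real rates depend on hardware and on the bcrypt cost factor.
FAST_HASH_RATE = 1e10   # assumption: fast general-purpose hash
BCRYPT_RATE = 1e4       # assumption: bcrypt at a moderate cost factor
BUDGET_SECONDS = 365 * 24 * 3600  # assumption: attacker spends one year

DICEWARE_BITS_PER_WORD = math.log2(7776)  # Diceware list has 6^5 words


def expected_seconds(entropy_bits, rate):
    """Expected time to guess a uniformly random password (half the space)."""
    return 2 ** (entropy_bits - 1) / rate


def survives(entropy_bits, rate, budget=BUDGET_SECONDS):
    """True if the expected cracking time exceeds the attacker's budget."""
    return expected_seconds(entropy_bits, rate) > budget


def middle_band(fast=FAST_HASH_RATE, slow=BCRYPT_RATE, budget=BUDGET_SECONDS):
    """Entropy range (bits) where the slow hash holds but the fast one falls."""
    low = math.log2(slow * budget) + 1
    high = math.log2(fast * budget) + 1
    return low, high


def verdict(entropy_bits):
    if survives(entropy_bits, FAST_HASH_RATE):
        return "safe under either hash"      # principle 1
    if survives(entropy_bits, BCRYPT_RATE):
        return "saved by bcrypt"             # the people in the middle
    return "cracked under either hash"       # principle 2


if __name__ == "__main__":
    samples = {  # constructed sample entropies
        "6-word Diceware": 6 * DICEWARE_BITS_PER_WORD,
        "middling password (45 bits)": 45,
        "bad password (20 bits)": 20,
    }
    for name, bits in samples.items():
        print(f"{name}: {bits:.1f} bits -> {verdict(bits)}")
    low, high = middle_band()
    print(f"bcrypt changes the outcome between {low:.1f} and {high:.1f} bits")
```

The width of the band is log2 of the ratio between the two guess rates, so it does not depend on the attacker's budget; a larger budget only shifts the band upward.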