Still allows for brute-force. Distributed.net is bruting (I know that is not a word) approximately 150 billion a second. No one knows what Uncle Sam and other Nation States can do in this regard. So, salt is good, but you still need big passwords (min 72 bits) to keep the big boys out. 6.5 bit-entropy per ASCII char... that means you need at least 11 chars in your password, OK?