Even 3DES is still likely to be secure against all but state actors.
Mind you this can't be used with hashing since this effectively be a collision (could possibly be used with salt poisoning and potentially with variance in rounds).
Not forgetting you can just slow a brute force session down by punishing multiple attempts.
Not if my passphrase is S3cur3!. The primary use case for HE is securing data that's encrypted with keys that a human chose.
This could potentially work but the problem is that KDA's are used to generate KEKs usually not to encrypt the actual data.
It also remains to be seen of this has an impact on the strength of the key especially for chosen plaintext attacks.