Tags: php, hash, joomla, md5, bcrypt

How is Bcrypt better than md5 + salt?


Please read the updates too since my "actual confusion" is in there.

It has been quite some time since Joomla! started supporting the bcrypt hashing algorithm, alongside the MD5 + salt that has been the de facto standard since Joomla! 1.5.

Now my question is: "As an end user, what benefits do I get if I start using bcrypt right away, in comparison to the current algorithm, viz. MD5 + salt? Does it even make any difference for a normal blog with a few hundred visitors daily?"

Update:

Also, I read somewhere that due to the speed of MD5 hashing, my password could be easily calculated in a matter of days/months at most.

But does this not require my hash to already be present with the attacker to compare to? And if he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use affect my site's security? And eventually he ends up having to brute-force my login page anyway?

And if it's down to brute-forcing their way through, then isn't bcrypt equally vulnerable to password guessing?


Solution

  • But does this not require my hash to already be present with the attacker to compare to? And if he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use affect my site's security? And eventually he ends up having to brute-force my login page anyway?

    First, no. Many sites allow login attempts without a rate limit. With MD5, assuming the servers can handle it, a user could very rapidly attempt to brute-force passwords just by trying lots of passwords in quick succession. bcrypt's slowness guarantees that such an attempt will be much slower.

    Second, a key security concept in computing is defense in depth. You don't want just one level of security - it's fairly easy to accidentally write a SQL injection vulnerability that might let an attacker dump password hashes. By using bcrypt, you limit the damage such a vulnerability can cause.
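To make both points of the answer concrete, here is an added PHP example. It is not Joomla's code and not part of the answer above; the legacy layout `md5(password . salt):salt` is an assumption about how the old hashes are stored, the cost factor 12, the word list and the "secret" password are constructed for the demonstration. The first part measures how many candidate passwords per second an attacker (online against an unthrottled login page, or offline against a dumped hash) can test against each scheme; the second part shows the upgrade-on-login pattern that lets a site move existing MD5 rows to bcrypt without a forced password reset.

```php
<?php
// Added example, not Joomla code: salted MD5 vs bcrypt under password guessing,
// plus upgrading legacy rows to bcrypt on the user's next successful login.
declare(strict_types=1);

// Assumed legacy layout: "md5(password . salt):salt" (an assumption, not taken from Joomla source).
function legacy_md5_hash(string $password, ?string $salt = null): string
{
    $salt = $salt ?? bin2hex(random_bytes(16));
    return md5($password . $salt) . ':' . $salt;
}

function legacy_md5_verify(string $password, string $stored): bool
{
    [$hash, $salt] = explode(':', $stored, 2);
    // hash_equals compares in constant time, so the comparison itself leaks nothing.
    return hash_equals($hash, md5($password . $salt));
}

// bcrypt through PHP's password_* API. Cost 12 means 2^12 iterations of the key setup;
// raise it as hardware gets faster, password_needs_rehash() below handles the migration.
const BCRYPT_COST = 12;

function bcrypt_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// How many candidates per second can be tested against one stored hash with a given verifier.
function guesses_per_second(callable $verify, string $stored, array $candidates): float
{
    $start = hrtime(true);
    foreach ($candidates as $candidate) {
        $verify($candidate, $stored);
    }
    $elapsed = (hrtime(true) - $start) / 1e9;
    return count($candidates) / max($elapsed, 1e-9);
}

// Constructed word list; the real password is placed last so every candidate gets tested.
$wordlist = ['123456', 'password', 'letmein', 'qwerty', 'joomla', 'correct horse'];
$secret   = 'correct horse';

$md5Stored    = legacy_md5_hash($secret);
$bcryptStored = bcrypt_hash($secret);

printf("salted MD5 : %.0f guesses/s\n", guesses_per_second('legacy_md5_verify', $md5Stored, $wordlist));
printf("bcrypt c=%d: %.1f guesses/s\n", BCRYPT_COST, guesses_per_second('password_verify', $bcryptStored, $wordlist));

// Login path that accepts either stored format. A legacy row is verified with MD5 and,
// on success, replaced by a bcrypt hash (the caller persists $stored back to the database).
// A bcrypt row whose cost is below the current setting is re-hashed the same way.
function login_and_upgrade(string $password, string &$stored): bool
{
    $isLegacy = strpos($stored, ':') !== false; // bcrypt strings ($2y$...) never contain ':'
    if ($isLegacy) {
        if (!legacy_md5_verify($password, $stored)) {
            return false;
        }
        $stored = bcrypt_hash($password);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $stored = bcrypt_hash($password);
    }
    return true;
}

$row = $md5Stored;
var_dump(login_and_upgrade('wrong', $row));  // wrong password: rejected, row left as MD5
var_dump(login_and_upgrade($secret, $row));  // correct password: accepted, row rewritten
var_dump(strncmp($row, '$2y$', 4) === 0);    // the row is now a bcrypt hash
```

Run it with `php example.php`. The first line will show millions of MD5 guesses per second while the bcrypt line stays in the single digits on the same machine, which is the whole difference: the same word list that exhausts a salted-MD5 hash in seconds takes years against bcrypt, and an unthrottled login form gets the same slowdown for free. Note that bcrypt does not replace rate limiting on the login page; it only makes each attempt cost the attacker as much as it costs you.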