[jjarmoc]

"I read they recommend to use the both (adaptive hashing and "local parameterization")."

I read their text as recommending A or B, based on the intro where they state "Two approaches facilitate this, each imperfectly."

"As even if you utilize separate device (HSM for example) for encrypting the passwords (I'd encrypt instead HMAC), you should indeed not give up on adaptive hashing."

Right, this is the sort of thing that led me to hedge by saying I MIGHT be convinced if an HMAC were involved; it still gives me pause, for sure.