56 bits is pretty weak for a salt and worse they would be heavily biased. Due to non-random distribution an attacker could choose to start from the most probable values and expand on the precomputation tables as time permits. Taking a ballpark guess the majority (51%) of Americans would have less than 20 bits of salt. Granted if your name is Olef-Olef-Olefz WashingFrankenburg and you were born in Greater Bumfuck, Uganda in 1999 you probably are safe. On the other hand if you are John Smith born in 1980 in New York well you just have a false sense of security. I would advocate against using this type of system but if you absolutely felt the need to use such a system it should involve more questions and ones with a flatter distribution and that are less likely to be known through casual contact:
What is the name of the street where you first lived (enter just the base word excluding any prefixes or suffixes "Main" vs "E Main St")?
What is your mothers maiden name?
What is your grandmother's middle name?
On what date did your grandparent who died the youngest die?
etc
if the user can make a decent passphrase (which is maybe not a good assumption in general)
I agree this is better than just a single hash brain wallet but the implicit zero factor nature of brainwallets means that better is probably still going to result in lost funds. The difficulty is that humans are both BAD at entropy and BAD at recognizing low entropy values. Most users simply fail at picking a strong password. However in most applications there is a second factor. To steal a desktop wallet requires the passphrase (probably weak) AND the actual file. To break into a website (which hopefully disables logins after failed attempts) requires the weak passphrase AND the hashed password table. Brian Wallets don't have that luxury.
