And even worse, that's bcrypt with 32 iterations - a work factor of 5. Every Bcrypt implementation I've seen has a default work factor of 10 (1024 rounds), and people often use higher values that that.

So that 99 years is a massive underestimate for any actually secure password storage.

So 99 of them could crack a password in 1 year? That is easily obtainable and not secure at all.

If your password is only 8 characters. I go with a minimum of 14. That means 99 years turns into heat death of the universe... Or a pipe wrench.

It doesn't work that way - and if it did - it's absolutely acceptable in most, if not all systems. A year to "break something" is absolutely considered secure in risk management of larger systems.

How does it not work that way? Password cracking is infinitely parallelizable.

Technically yes - but when it comes to attacks not really. If someone wants it, you have much easier and faster techniques.

If you're a provider of some sort and storing passwords with MD5, shame on you. Or rc4. I'm looking at you, NTLM.

If you're a user and you don't assume that some providers are using MD5... That's just excessively risky.

It's not hard to manage passwords that can't be cracked regardless of the hashing algorithm.

What should I be doing to make a password that can't be cracked regardless of the hashing algorithm?

start using very high entropy passwords which contain just about all printable ascii characters, excluding whitespace.

If a computer cant guess it, it won't crack the hash, either.

Use a password manager and make those suckers 20-40 characters.

Use a master key that is just a super long phrase interleaved with special characters. Easy to remember. Like titles of books you like, plus authors, plus something only you know. Stuff like that.

I use a version of KeePass, with the actual file synced via syncthing to all devices plus a cloud.