I am clearly aware of key derivation - that's why I said "depending on the algorithm" and specified the attack scenario. In fact I went as far as as suggesting the best password derivation scheme at the moment - scrypt - to the bitcoin developers
. That would have been even stronger than the dynamic round count they are currently using.
Then why did you base a hypothetical attack @ 12 hours using entire bitcoin network. That would require 1 hash = 1 key. Even the weakest key derivation funciton would increase that attack scope by a factor of 1000x.
Of course this thread is about bitcoin wallet passwords which do use a much stronger key derivation function meaning your 12 hour "estimate" is off by a factor of at least 50,000x.
That said, you must realize that you have no control or information over what key derivation scheme sites you visit are using. A key derivation scheme that employs 1 second of CPU time is completely inadequate for a high traffic site - it will bog down the server CPU with a minuscule number of users currently logging in. That's why many sites use simply a salted hash, or a reduced-round variant like the md5crypt that only uses 5000 iterations. That's an extra 12 bits of entropy, but still not enough to protect a weak password.
Which really has nothing to do with this thread but even a 5000 round iteration vastly increases the number of hashes per key. All your assumptions and "estimates" were based on 1 hash = 1 key which was a problem solved nearly 3 decades ago.