As I understand it, by using one-way encryption we can protect stored password data in the event that they are stolen. Broadly speaking, password data can usually be cracked by guessing, so the strength of the password protection could be measured as the computer time we would expect a brute force attack to take.

However, computation time isn't a good metric by itself because attacks can be parallelized and, more importantly, some encryption methods can be more easily parallelized than others. "10 years" has a very different meaning depending on whether an attack is embarrassingly easy to parallelize or if it is very resistant to a parallel attack.

Assuming we know everything we can know (algorithm, quality of salt, password policy, iteration count, number of passwords, etc...) and we fix our assumptions about the techniques available to an attacker, then, is there a reasonable indicator of how well protected password data is in the hands of an attacker (even if it were only 'accurate' to a couple of orders of magnitude)?

E.g. is financial cost a reasonable metric? Could an indication of "$1,000 per password cracked" very loosely estimate the protection of a password? E.g. an attacker with massive resources might crack one every second while another might crack one every month but (within a couple of orders of magnitude) it costs each $1,000 per password.

If cost is no good at all, is there any metric that can be used to communicate to the layperson the relative strength of password protecting designs?
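The cost-per-password idea from the question can be made concrete with a small model. The following is an added example, not code from the original post: it assumes constructed, illustrative figures for one cracking node (hash rate, purchase price, lifetime, power draw, electricity price) and a password store described by effective entropy, KDF iteration count and whether per-user salts are used. It shows why wall-clock time depends on how many nodes the attacker parallelises across while expected cost does not, why the iteration count scales cost linearly, and how an unsalted store amortises one pass over the keyspace across every stored hash. The helper and parameter names are hypothetical.

```python
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class CrackingNode:
    """One unit of attacker hardware. All figures are constructed assumptions."""
    base_hashes_per_second: float   # rate for ONE iteration of the underlying hash
    purchase_cost_usd: float
    lifetime_seconds: float
    power_watts: float
    electricity_usd_per_kwh: float

    def cost_per_node_second(self) -> float:
        """Amortised capital cost plus energy cost for one second of this node's time."""
        capital = self.purchase_cost_usd / self.lifetime_seconds
        energy = (self.power_watts / 1000.0) / 3600.0 * self.electricity_usd_per_kwh
        return capital + energy


@dataclass(frozen=True)
class PasswordStore:
    """What the defender controls: policy-driven entropy, work factor and salting."""
    entropy_bits: float     # effective entropy of a password under the policy
    iterations: int         # KDF work factor, e.g. a PBKDF2 iteration count
    salted: bool            # unique per-user salt => each hash must be attacked separately
    num_passwords: int


def keyspace(store: PasswordStore) -> float:
    return 2.0 ** store.entropy_bits


def expected_guesses_per_password(store: PasswordStore) -> float:
    """Brute force over a uniform keyspace succeeds after half the space on average.

    Unsalted stores are the exception: a single pass over the whole keyspace is
    compared against every stored hash at once, so we charge the full pass and
    let the caller divide it among all passwords."""
    if store.salted:
        return keyspace(store) / 2
    return keyspace(store)


def guesses_per_second(node: CrackingNode, store: PasswordStore, nodes: int) -> float:
    """Each extra KDF iteration divides the raw hash rate; each extra node multiplies it."""
    return node.base_hashes_per_second / store.iterations * nodes


def expected_wall_clock_seconds(node: CrackingNode, store: PasswordStore, nodes: int) -> float:
    """Time to recover one password: shrinks as the attacker adds nodes."""
    return expected_guesses_per_password(store) / guesses_per_second(node, store, nodes)


def expected_cost_per_password(node: CrackingNode, store: PasswordStore, nodes: int = 1) -> float:
    """Expected money spent per recovered password.

    cost = wall_clock * nodes * cost_per_node_second; the node count cancels,
    which is exactly why cost is a parallelism-independent metric."""
    total = expected_wall_clock_seconds(node, store, nodes) * nodes * node.cost_per_node_second()
    if not store.salted:
        total /= store.num_passwords   # one full pass recovers (roughly) every password
    return total


def order_of_magnitude(cost_usd: float) -> int:
    """Exponent of 10 for a layperson-friendly 'about $10^n per password' statement."""
    return math.floor(math.log10(cost_usd))


def summarise(node: CrackingNode, store: PasswordStore, nodes: int) -> str:
    cost = expected_cost_per_password(node, store, nodes)
    secs = expected_wall_clock_seconds(node, store, nodes)
    return (f"{nodes} node(s): ~{secs / 86400:.1f} days per password, "
            f"~${cost:,.2f} (order 10^{order_of_magnitude(cost)}) per password")


if __name__ == "__main__":
    # Constructed figures: 1 GH/s raw rate, $1,000 node, 3-year life, 300 W, $0.10/kWh.
    gpu = CrackingNode(1e9, 1000.0, 3 * 365 * 86400, 300.0, 0.10)
    weak = PasswordStore(entropy_bits=40, iterations=1, salted=True, num_passwords=10_000)
    slow = PasswordStore(entropy_bits=40, iterations=100_000, salted=True, num_passwords=10_000)
    unsalted = PasswordStore(entropy_bits=40, iterations=1, salted=False, num_passwords=10_000)
    for label, store in (("weak", weak), ("slow KDF", slow), ("unsalted", unsalted)):
        for n in (1, 1000):
            print(label, "->", summarise(gpu, store, n))
```

Reading the output for the "slow KDF" store against the "weak" one shows the iteration count moving the cost figure by five orders of magnitude while the attacker's node count only moves the time figure; that separation is what makes "dollars per password" a more stable way to describe a design to a non-specialist than "years to crack".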