For the password I use for the SDMB, it says 6 million years, yet it is actually relatively simple (somebody who knows me well could easily guess it). I also use the same password on other sites (although not everywhere). Also, the displayed time needed to crack it appears instantly as I enter it, so I doubt any information is actually being sent to the server, probably some JavaScript code; if you click on show details, it will show the number of characters and combinations (for letters only, there are 26 combinations per character, so the total is 26^n; including numbers makes it 36^n and so on), which is very easy to use to calculate the time needed, using the assumed speed.
Shoehornbutterhorse?