Password stretching

- 100 ms is commonly suggested, but is it affordable?
- Maybe not for every use case, but even if so, stretching must be used anyway - just at a lower setting
- Even if we merely slow down an offline attacker from billions/s to millions/s, this is worthwhile - and we'll do more than that
- 1 ms ought to be affordable for anybody?
- Allows for up to 1000 requests/s/core, theoretically up to 86 million requests/day/core - but need to leave room for spikes
- If average is 10x lower than the worst spike we need to support, a 12-core server will handle up to ~100 million requests/day
- Need more? You surely can afford more servers (at least N+1)
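The sizing argument above, as an added example that is not from the original slides: it calibrates a stretching cost to a time budget on the local machine and computes the average daily load a server sustains with spike headroom. PBKDF2-HMAC-SHA256 is an assumed stand-in (chosen only because it ships in the Python standard library), and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_DAY = 86_400

def calibrate_pbkdf2(target_seconds, probe_iterations=20_000):
    """Iteration count that costs about target_seconds on one core here."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(5):  # keep the fastest run to reduce scheduler noise
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed sample", salt,
                            probe_iterations)
        best = min(best, time.perf_counter() - start)
    return max(1, int(target_seconds * probe_iterations / best))

def daily_capacity(hash_seconds, cores, spike_factor):
    """Average requests/day when the worst spike is spike_factor x average."""
    peak_per_second = cores / hash_seconds  # every core busy hashing
    return peak_per_second * SECONDS_PER_DAY / spike_factor

def hash_password(password, iterations):
    """Return (salt, iterations, digest); the cost is stored with the hash
    so it can be raised later without invalidating old records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time compare

if __name__ == "__main__":
    for budget in (0.100, 0.001):  # the 100 ms and 1 ms settings discussed
        iterations = calibrate_pbkdf2(budget)
        per_day = daily_capacity(budget, cores=12, spike_factor=10)
        print(f"{budget * 1000:5.0f} ms -> {iterations:>9,} iterations, "
              f"~{per_day / 1e6:.1f} million requests/day on 12 cores")
    record = hash_password(b"constructed sample", calibrate_pbkdf2(0.001))
    print("verify ok:", verify_password(b"constructed sample", record))
```

The iteration counts printed depend on the machine running the calibration, so the cost should be measured on the production hardware rather than copied from another host.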