You should have given it a full second.
Actually with md5, the problem is indeed not to "be cracked", it is for a collision to have been found.
A collision is an event where to different inputs yield the same md5 hash, and the math behind md5 has been sufficiently broken that creating a forged document with the same md5 has as a genuine document is no where near computationally challenging enough anymore. You can have two (or more) different inputs yield the same string. (SSL and code signing certificates which used keys derived with md5 have catastrophically been forged)
It has probably been since 2008 that md5 has been generally know to be unreliable for security applications.