A FAST md5 hash dictionary attack
http://www.securitystats.com/tools/hashcrack.php This brings it back within 10 secs no joke!
thats nothing special, i have a cracker that i coded in Perl that runs through an 11 MB dict in about 10 seconds (non-optamized code).
With a Rainbow table, you speed up the crack even more, as it no longer has to encrypt the values.
Course, the fastest by far is the Password Probability Matrix. This is capable of cracking any hash in the matrix in under 8 seconds (including passwords like: $gPw3]N%^8!gT )
For some PoC code for a PPM check out thes links:
http://www.nostarch.com/extras/hacking/chap4/ppm_gen.c that will generate the Matrix
http://www.nostarch.com/extras/hacking/chap4/ppm_crack.c that is the cracker that uses the matrix.
This is a very simplistic example. It will only do 4 characters, and only if the hashes are DES and salted with 'je'. But, you can eaisley see how this can be adapted to a number of situations.