Well, today I stumbled across this:
In a test, the [GPU cluster] was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks...this means we could rip through any 8 character password (95^8 combinations) in 5.5 hours.The point is: if you wait five years, the hardware you get is exponentially faster than what was available at the time. In 2018, are we going to be down to minutes? And what about combining this approach with rainbow tables?