I ended up writing my own password cracker, since John the Ripper does not do well with auditing large password lists. Looking through JtR's code was interesting because it's fairly shocking to find out that A) The guesses per second it displays in its status updates are only loosely related to reality to put it nicely, B) It doesn't use binary search to check to see if it cracked a password or not.
I'll admit my password cracker currently is a quick and dirty implementation, (aka I put it together this weekend), and there is a lot of room for improvement. Still I'm finally able to make guesses fairly quickly which has been a godsend. Seeing the newly cracked passwords flash across my screen is proof enough. In a couple of days I should have enough passwords cracked where I can post a detailed analysis of them.
*Edit: I want to specify that this custom password cracker is different from the one I mentioned previously. That one only generates password guesses but it generates those guesses in probability order. More on that later ;)
1 day ago