Deja vu: viewtopic.php?p=11923#p11923
This explains how to do it:viewtopic.php?p=11946#p11946
Now that I've read the patent it's actually exactly what I wrote except that they used 256 files, bad file buffering, and they didn't do a full sort on the data just read the bit field file into ram and set the bits while reading the file with passwords. So it might be a little faster to copy the patent's way on the last point but doing a full sort using radix sort will mean you aren't violating the patent. When generating and storing the passwords if you store them in blocks of 2^20 passwords to save about 18 bits per password plus the savings of n bits from the initial bucket sort. Also storing it in a LHT* instead of storing the data as 2^n files (where the first n bits of the hash tells you the file number) with just a list of full passwords will help avoid patent issues and make it much faster and smaller.
* I said store it in a LHT even though they kind of are since they are not storing/indexing the full hash, but they store the full password so it's not a true LHT.
So cost is (chain count * chain length) links plus the cost of sorting that data (more than likely in several parts) and read and writing all that data to and from disk.