Performance: Use of github.com/nbutton23/zxcvbn-go adds ~25ms of latency to every run

[twpayne]

The use of github.com/nbutton23/zxcvbn-go adds about 25ms of latency to every run, due to its use of expensive, un-skippable init() functions.

Note that running gopass --version takes 32ms on a fast machine (AMD Ryzen 7 8700G):

$ time ./gopass --version
gopass 1.15.15-git+HEAD (a27a9cc1) go1.24.2 linux amd64
./gopass --version  0.03s user 0.01s system 130% cpu 0.032 total

Analyzing the startup time shows that a single library is responsible for 25ms of the 32ms:

$ GODEBUG=inittrace=1 ./gopass --version |& awk '{print $5, $6, $2}' | sort -n | grep zxcvbn-go
0.004 ms github.com/nbutton23/zxcvbn-go/data
0.006 ms github.com/nbutton23/zxcvbn-go/entropy
0.46 ms github.com/nbutton23/zxcvbn-go/adjacency
7.5 ms github.com/nbutton23/zxcvbn-go/matching
17 ms github.com/nbutton23/zxcvbn-go/frequency

The reason for this is that, on startup, github.com/nbutton23/zxcvbn-go performs several expensive operations, including computing a large amount of static data that could be either computed before compile time or computed on demand.

Since this library is both archived, and very US English-centric, I would recommend removing it. If you really want to keep using it, I would happily submit a fork of zxcvbn-go that only computes the data if it is needed to avoid this unnecessary cost.

[dominikschulz]

@twpayne Thanks a lot for the great bug report. I will take a look and if I can reproduce the issue, we'll get rid of this library.

[twpayne]

If you don't want to get rid of the library, I have a fork with lazy initialization (using sync.Once) that avoids the start-up cost.

[dominikschulz]

@twpayne Thanks. Your PR is now submitted. I don't think we need to add it back.