feat: --guesses (zxcvbn) and --memory (argon2id) flags

[kanywst]

Reopens superseded #7. The original PR was auto-closed when its stacked base (chore/externalize-hashrates) was deleted on merge. This PR's branch has been rebased onto the post-merge main.

Summary

Adds the two highest-leverage usability gaps from the post-merge review of #1:

• --memory accepts an Argon2id memory parameter (64m, 128m, 1g, or bare MB) and routes it through the hashrate model. Argon2id is a memory-hard function — bumping memory is the single most effective defender lever against GPU attackers — but the previous code only divided by workFactor (time iterations), silently underestimating defender strength for any policy above the 64MB baseline.
• --guesses accepts an external guess count, typically the guesses field from a zxcvbn report, and short-circuits the built-in naive entropy estimator. This finally lets brtc act as a pure cost converter on top of a real strength meter, addressing the README positioning.

When --guesses is set the password argument becomes optional and the budget/max-length feature is skipped (it needs a charset assumption that an external estimator does not provide).

How to use

guesses=$(zxcvbn-cli "P@ssw0rd!" --json | jq -r .guesses)
brtc --guesses "$guesses" --algo bcrypt --cost 12 --hw aws-p5.48xlarge

brtc --algo argon2id --memory 64m  -o json "P@ssw0rd!" | jq .cost_usd
brtc --algo argon2id --memory 256m -o json "P@ssw0rd!" | jq .cost_usd
brtc --algo argon2id --memory 1g   -o json "P@ssw0rd!" | jq .cost_usd

Verification (local)

$ brtc --guesses 1e10 -o json | jq '{combinations, entropy_bits, time_to_crack_seconds, cost_usd}'
{ "combinations": 10000000000, "entropy_bits": 33.22, "time_to_crack_seconds": 1600000, "cost_usd": 133.33 }

$ brtc --algo argon2id --memory 64m  -o json "P@ssw0rd!" | jq .hash_rate_per_sec   # 100
$ brtc --algo argon2id --memory 256m -o json "P@ssw0rd!" | jq .hash_rate_per_sec   # 25  (4x slower)

• go test -count=1 ./... ✓
• golangci-lint run ./... ✓ 0 issues

Test additions

• TestParseMemory / TestParseGuesses — unit boundaries, scientific notation, rejection of malformed inputs.
• TestCalculateHashRate_Argon2MemoryScaling — baseline, doubling, sub-baseline clamp, multiplicative composition with time.
• TestFromGuesses and TestFromGuesses_HugeNumberDoesNotOverflow — bit-length fallback for guess counts beyond float64 range.

[coderabbitai]

Warning

Rate limit exceeded

@kanywst has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 81fb4265-f9b0-414f-9536-41830ab974c5

📥 Commits

Reviewing files that changed from the base of the PR and between 4f7e4fd and 2a9e547.

📒 Files selected for processing (11)

• README.md
• cmd/root.go
• internal/calc/entropy.go
• internal/calc/entropy_test.go
• internal/calc/parse.go
• internal/calc/parse_test.go
• internal/cost/cloud.go
• internal/cost/cloud_test.go
• internal/cost/hardware.go
• internal/cost/hardware_test.go
• internal/ui/output.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/external-guesses-and-memory

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces support for Argon2id memory parameters and external entropy estimates via the new --memory and --guesses flags. The changes include updated hash rate calculation logic to account for memory-hard functions, a new parsing utility for memory units and scientific notation, and expanded documentation and tests. The review feedback identifies several opportunities to improve the robustness of the new parsing logic, specifically by making the memory unit regex more flexible, preventing potential integer overflows during unit conversion, and handling infinite values when parsing external guess counts.

[gemini-code-assist]

The regular expression for parsing memory is quite restrictive. It doesn't allow for common variations like mb, gb, or spaces between the number and the unit (e.g., 64 mb). Improving the regex to be more flexible would enhance the user experience.

Suggested change

	var memoryRe = regexp.MustCompile(`^(\d+)([mg])?$`)
	var memoryRe = regexp.MustCompile(`^(\d+)\s*([mg]b?)?$`)

[gemini-code-assist]

The unit parsing logic should be updated to handle the more flexible units (like mb or gb) allowed by the suggested regex. Additionally, when converting GB to MB, there is a potential for integer overflow if a very large value is provided. Adding a check for this ensures robustness, especially on 32-bit architectures.

	switch {
	case m[2] == "" || strings.HasPrefix(m[2], "m"):
		return n, nil
	case strings.HasPrefix(m[2], "g"):
		if n > 2097151 { // Limit to ~2TB to prevent overflow on 32-bit systems
			return 0, fmt.Errorf("memory value too large: %d GB", n)
		}
		return n * 1024, nil
	}
	return 0, fmt.Errorf("unknown unit %s", m[2])

[gemini-code-assist]

The big.ParseFloat function can return infinite values if the input string is "inf" or if the value exceeds the maximum representable exponent. Since f.Int(nil) has undefined behavior for infinite values, it is important to check for this condition explicitly.

Suggested change

	f, _, err := big.ParseFloat(s, 10, 256, big.ToNearestEven)
	if err != nil {
	return nil, fmt.Errorf("guesses: cannot parse %q", s)
	}
	f, _, err := big.ParseFloat(s, 10, 256, big.ToNearestEven)
	if err != nil {
	return nil, fmt.Errorf("guesses: cannot parse %q", s)
	}
	if f.IsInf() {
	return nil, fmt.Errorf("guesses: value cannot be infinite")
	}

[kanywst]

Addressed @gemini-code-assist's three suggestions:

• ci(deps): bump golangci/golangci-lint-action from 7 to 9 #3 (Inf check in ParseGuesses) — accepted. big.ParseFloat("inf") returns +Inf and big.Float.Int(nil) on Inf returns a nil *big.Int, which then panics downstream in TimeToCrack via big.Float.SetInt(nil). Fixed in 2a9e547 with an explicit IsInf check and tests for inf / +inf.
• chore: 2026 cleanup — dependabot, lint, hw profile parity, tests #1 (more flexible memory regex: mb/gb/spaces) — declined. The documented format is the conventional 64m / 1g style; widening it to 64 mb makes the docs vaguer without unblocking any real workflow.
• ci(deps): bump actions/checkout from 4 to 6 #2 (32-bit overflow on GB→MB conversion) — declined. Argon2id memory is realistically capped well under 32 GB; we'd hit OOM on the runner long before the conversion could overflow even on a 32-bit target.

[gemini-code-assist]

Thanks for the update and for addressing the inf check in ParseGuesses. That fix looks solid and correctly handles the potential panic scenario. I understand your reasoning regarding the memory regex and the 32-bit overflow concerns; given the practical constraints and the focus on usability, your decisions make sense.