Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
      • R-TF-012-019 SOUPs
        • Albumentations
        • Argon2-cffi
        • Authlib
        • Boto3
        • CPython
        • Dependency Injector
        • FastAPI
        • Numpy
        • OpenCV Python
        • Pillow
        • Psutil
        • Pydantic
        • PyTorch
        • Requests
        • Timm
        • Ultralytics
        • Uvicorn
      • R-TF-012-028 Software Requirement Specification
      • R-TF-012-029 Software Architecture Description
      • R-TF-012-030 Software Configuration Management Plan
      • R-TF-012-031 Product requirements specification
      • R-TF-012-033 Software Tests Plan
      • R-TF-012-037 Labeling and IFU Requirements
      • R-TF-012-040 Documentation level FDA
      • R-TF-012-041 Software Classification 62304
      • R-TF-012-043 Traceability Matrix
      • Review meetings
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Grants
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design and Manufacturing Information
  • R-TF-012-019 SOUPs
  • Argon2-cffi

Argon2-cffi

Description​

argon2-cffi is a Python library that provides bindings to the Argon2 password hashing algorithm (the PHC winner), enabling secure password hashing, verification, and rehash detection. It wraps the reference Argon2 implementation via CFFI and offers a high-level PasswordHasher API for straightforward integration.

General details​

  • Developer(s): Hynek Schlawack and contributors.
  • Open source: Yes
  • Language(s): Python (with CFFI bindings)
  • Repository: https://github.com/hynek/argon2-cffi
  • License: MIT
  • Operating system(s): Linux, Windows, macOS (and other POSIX platforms supported by Argon2)
  • Actively maintained: Yes (latest release 25.1.0 on 03 Jun 2025)

Intended use on the device​

The SOUP is used in the medical device for the following specific purposes only:

  • Hash user passwords using the Argon2id algorithm to securely store credentials for authentication flows.
  • Verify provided passwords against stored Argon2id hashes and detect when rehashing is needed due to updated parameters.

Requirements​

For the integration and safe usage of this SOUP within a software system, it's important to outline both functional and performance requirements. These requirements help mitigate risks and ensure compatibility and performance standards are met.

Functional​

  • Secure password hashing: Provide Argon2id hashing with configurable parameters (time cost, memory cost, parallelism) and automatic salt generation.
  • Password verification: Verify hashed passwords and raise explicit errors on mismatches or invalid hashes.
  • Rehash detection: Offer a mechanism to check whether existing hashes require rehashing when security parameters change.
  • Memory-hard design: Enforce Argon2’s memory-hard properties to resist GPU/ASIC brute-force attacks in accordance with configured parameters.
  • Encoding compatibility: Support hashing and verification of both str and bytes inputs, and output standard encoded hash strings.

Performance​

  • Configurable resource use: Allow tuning of memory and time cost to balance security with acceptable latency in authentication endpoints.
  • Predictable latency: Execute hashing and verification with consistent timing for given parameters to avoid timing side channels.
  • Scalability: Handle concurrent hash/verify calls in web workloads without excessive contention or resource exhaustion.
  • Resource safety: Manage native bindings securely to avoid leaks or instability under sustained load.

System requirements​

Establishing minimum software and hardware requirements is important to mitigate risks, such as security vulnerabilities, performance issues, or compatibility problems, and to ensure that the SOUP functions effectively within the intended environment.

Software​

After evaluation, we find that there are no specific software requirements for this SOUP. It works properly on standard computing devices, which includes our environment.

Hardware​

After evaluation, we find that there are no specific hardware requirements for this SOUP. It works properly on standard computing devices, which includes our environment.

Documentation​

The official SOUP documentation can be found at https://argon2-cffi.readthedocs.io/.

Additionally, a criterion for validating the SOUP is that all the items of the following checklist are satisfied:

  • The vendor maintains clear and comprehensive documentation of the SOUP describing its functional capabilities, user guidelines, and tutorials, which facilitates learning and rapid adoption.
  • The documentation for the SOUP is regularly updated and clearly outlines every feature utilized by the medical device, doing so for all integrated versions of the SOUP.

Related software items​

We catalog the interconnections between the microservices within our software architecture and the specific versions of the SOUP they utilise. This mapping ensures clarity and traceability, facilitating both the understanding of the system's dependencies and the management of SOUP components.

Although the title of the section mentions software items, the relationship with SOUP versions has been established with microservices (also considered software items, by the way) because each one is inside a different Docker container and, therefore, has its own isolated runtime environment.

SOUP versionSoftware item(s)
>=25.1.0projects/apps/ui/api_gateway

Related risks​

The following are risks applicable to this SOUP from the table found in document R-TF-013-002 Risk management record_2023_001:

  • 58. SOUP presents an anomaly that makes it incompatible with other SOUPs or with software elements of the device.
  • 59. SOUP is not being maintained nor regularly patched.
  • 60. SOUP presents cybersecurity vulnerabilities.

Lists of published anomalies​

The incidents, anomalies, known issues or changes between versions for this SOUP can be found at:

  • Argon2-cffi Changelog
  • Argon2-cffi Releases
  • Argon2-cffi Issues
  • Argon2-cffi Release History on PyPI

History of evaluation of SOUP anomalies​

09 Dec 2025​

  • Reviewer of the anomalies: Gerardo Fernández Moreno
  • Version(s) of the SOUP reviewed: 25.1.0

No anomalies have been found.

Record signature meaning​

  • Author: JD-004
  • Reviewer: JD-003
  • Approver: JD-005
Previous
Albumentations
Next
Authlib
  • Description
  • General details
  • Intended use on the device
  • Requirements
    • Functional
    • Performance
  • System requirements
    • Software
    • Hardware
  • Documentation
  • Related software items
  • Related risks
  • Lists of published anomalies
  • History of evaluation of SOUP anomalies
    • 09 Dec 2025
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)