Bcrypt
Description
Bcrypt is a password hashing library designed to securely store passwords. By using a salt to prevent rainbow table attacks and employing a slow hash function, bcrypt offers a secure way to hash and store user passwords. It's a popular choice among developers for its balance between security and efficiency in preventing brute-force attacks.
General details
- Developer(s): Maintained by the Python Cryptographic Authority (PyCA), a group dedicated to providing secure and reliable cryptographic libraries for Python.
- Open Source: Yes
- Language(s): Python, Rust
- Repository: https://github.com/pyca/bcrypt/
- License: Apache License 2.0
- Operating system(s): Compatible with Linux, Windows, and macOS.
- Actively maintained: Yes (within the past week)
Intended use on the device
The SOUP is used in the medical device for the following specific purposes only:
- Generate a hashed password from plain text for user authentication in the web API.
- Verify a hashed password stored in the database against a plain text password sent by a user.
Requirements
For the integration and safe usage of this SOUP within a software system, it's important to outline both functional and performance requirements. These requirements help mitigate risks and ensure compatibility and performance standards are met.
Functional
- Secure password hashing: As its primary function, to provide a secure method for hashing passwords. This includes the generation of salt values to ensure each password hash is unique.
- Password verification: Offer a way to verify a plain-text password against a stored hash to authenticate users.
- Salting and work factors: Allow for the configuration of salting and work factors, enabling developers to adjust the computational difficulty of the hashing process, thus making brute-force attacks more challenging.
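
The work factor and the per-hash salt described above are both recorded inside each stored bcrypt string, so they can be audited without knowing any password. The following is an added example, not code from the bcrypt project or from this record; the 12-round minimum, the function names and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Modular crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})[./A-Za-z0-9]{31}")
MIN_COST = 12          # assumed policy minimum, not a value from this record
BCRYPT_MAX_BYTES = 72  # bcrypt ignores password bytes beyond the 72nd


def parse_bcrypt(stored):
    """Return (version, cost, salt) or raise ValueError for a malformed hash."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        raise ValueError("not a well-formed bcrypt hash")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    return m.group(1), cost, m.group(3)


def password_fits(password):
    """False when the UTF-8 encoding exceeds what bcrypt actually hashes."""
    return len(password.encode("utf-8")) <= BCRYPT_MAX_BYTES


def audit(rows, min_cost=MIN_COST):
    """Classify (user, stored_hash) rows: ok, rehash, invalid, reused_salt."""
    report = {"ok": [], "rehash": [], "invalid": [], "reused_salt": []}
    by_salt = defaultdict(list)
    for user, stored in rows:
        try:
            _, cost, salt = parse_bcrypt(stored)
        except ValueError:
            report["invalid"].append(user)
            continue
        by_salt[salt].append(user)
        report["rehash" if cost < min_cost else "ok"].append(user)
    for users in by_salt.values():
        if len(users) > 1:  # identical salts defeat per-hash uniqueness
            report["reused_salt"].extend(users)
    return report


def fake_hash(cost, salt_char):
    """Constructed placeholder with bcrypt's layout; not a real password hash."""
    return f"$2b${cost:02d}${salt_char * 22}{'x' * 31}"


# Constructed sample rows: two good hashes sharing a salt, one weak, one non-bcrypt.
SAMPLE = [("alice", fake_hash(12, "a")), ("bob", fake_hash(10, "b")),
          ("carol", fake_hash(12, "a")), ("dave", "0" * 32)]
```

Users listed under `rehash` can be upgraded at their next successful login, when the plain-text password is available to hash again at the higher work factor.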
Performance
- Adaptable work factor: Perform efficiently across various hardware configurations while allowing adjustments to the work factor to maintain a balance between security and performance.
- Time-consistent operations: The time it takes to hash and verify passwords should be consistent to prevent timing attacks.
- Scalability: Capable of handling a large number of password hashing and verification requests simultaneously, suitable for applications with a high user volume.
System requirements
Establishing minimum software and hardware requirements is important to mitigate risks, such as security vulnerabilities, performance issues, or compatibility problems, and to ensure that the SOUP functions effectively within the intended environment.
Software
After evaluation, we find that there are no specific software requirements for this SOUP. It works properly on standard computing devices, which includes our environment.
Hardware
After evaluation, we find that there are no specific hardware requirements for this SOUP. It works properly on standard computing devices, which includes our environment.
Documentation
Although it does not have an official documentation website, this SOUP offers a brief usage guide within the README file of its repository. This guide covers basic installation, how to hash passwords, and how to verify hashed passwords against plain ones. Despite its limited documentation, we have preferred this library for password hashing in Python due to its modern security features and strong community endorsement.
Related software items
We catalog the interconnections between the microservices within our software architecture and the specific versions of the SOUP they utilise. This mapping ensures clarity and traceability, facilitating both the understanding of the system's dependencies and the management of SOUP components.
Although the title of this section mentions software items, SOUP versions are mapped to microservices (which are also considered software items) because each microservice runs inside a different Docker container and therefore has its own isolated runtime environment.
| SOUP version | Software item(s) |
|---|---|
| 4.1.2 | WEB API GATEWAY |
Related risks
The following are risks applicable to this SOUP from the table found in document R-TF-013-002 Risk management record_2023_001:
- 58. SOUP presents an anomaly that makes it incompatible with other SOUPs or with software elements of the device.
- 59. SOUP is not being maintained nor regularly patched.
- 60. SOUP presents cybersecurity vulnerabilities.
Lists of published anomalies
The incidents, anomalies, known issues or changes between versions for this SOUP can be found at:
History of evaluation of SOUP anomalies
29 Feb 2024
- Reviewer of the anomalies: Alejandro Carmena Magro
- Version(s) of the SOUP reviewed: 4.1.2
No anomalies have been found.
Record signature meaning
- Author: JD-004
- Reviewer: JD-003
- Approver: JD-005