Same passkey synced on 2 devices generates different prf outputs for the same salt

Steps to reproduce:

  • Register a passkey on device A.
  • Authenticate on device A, using the prf extension and a constant salt. Note the prf output.
  • Go to device B. Wait for iCloud sync.
  • Authenticate on device B using the prf extension and the same constant salt. Note the prf output.
  • The prf outputs are different.

Note: Repeat the authentication on each device. The prf output is identical for a given device, which seems to point towards the inclusion of a device-specific component in the prf derivation.

In my scenario, I need the prf output to be the same regardless of the device since I use it as the recovery key for my app data.

Could you confirm that this is the expected behavior or not?

Thanks,

This should work as expected, that is, the prf should be identical in this case.

What I would suggest is to first make sure you don't have anything in your code that is changing the salt or anything else on one device vs. the other, and the data blobs are bit identical.

If you come to the conclusion that there is no issue in your code, it is always possible that something may have broken on the system side, so we would like to see a bug report about this.

If you do so via https://feedbackassistant.apple.com/ please also include a sysdiagnose from both devices right after you reproduce the issue. In your bug report please include any and all relevant information like your data blobs, etc.

Once you have done so, please share your Feedback ID here, and @mention me in your response so I can forward the issue to the team right away.
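
One way to carry out the bit-identical check suggested in the reply above, added here as an example and not code from the original poster or from Apple: it records the exact bytes of each request input on each device and reports the first offset at which they differ. The field names `rpId`, `credentialId` and `salt`, and all sample values, are assumptions constructed for illustration.

```javascript
// Added example. Field names and values are constructed; log the real ones
// just before the passkey assertion call on each device.

// Turn one logged value into the exact bytes the app would hand to the API.
function toBytes(value) {
  if (typeof value === "string") return new TextEncoder().encode(value); // UTF-8, no normalisation
  if (ArrayBuffer.isView(value)) return new Uint8Array(value.buffer, value.byteOffset, value.byteLength);
  if (value instanceof ArrayBuffer) return new Uint8Array(value);
  throw new TypeError("expected string, ArrayBuffer or typed array");
}

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Per-field length and hex dump, suitable for attaching to a bug report.
function snapshot(request) {
  const out = {};
  for (const field of Object.keys(request).sort()) {
    const bytes = toBytes(request[field]);
    out[field] = { length: bytes.length, hex: toHex(bytes) };
  }
  return out;
}

// Fields that are not bit-identical, with the first differing byte offset.
function diffSnapshots(a, b) {
  const fields = [...new Set([...Object.keys(a), ...Object.keys(b)])].sort();
  const diffs = [];
  for (const field of fields) {
    const x = a[field]?.hex ?? "";
    const y = b[field]?.hex ?? "";
    if (x === y) continue;
    let i = 0;
    while (i < x.length && i < y.length && x[i] === y[i]) i++;
    diffs.push({ field, byteOffset: i >> 1, lengthA: x.length / 2, lengthB: y.length / 2 });
  }
  return diffs;
}

// Constructed case: both devices show the same salt text, but device B holds
// it in decomposed Unicode form (NFD), so the UTF-8 bytes differ.
const credentialId = Uint8Array.from([0x01, 0x02, 0x03, 0x04]);
const saltText = "caf\u00e9-recovery-v1";
const deviceA = snapshot({ rpId: "example.com", credentialId, salt: saltText.normalize("NFC") });
const deviceB = snapshot({ rpId: "example.com", credentialId, salt: saltText.normalize("NFD") });
console.log(diffSnapshots(deviceA, deviceB));
```

An empty result from `diffSnapshots` means the logged inputs match byte for byte, which is the point at which the reply asks for a bug report.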
