Steps to reproduce:
- Register a passkey on device A.
- Authenticate on device A, using the prf extension and a constant salt. Note the prf output.
- Go to device B. Wait for iCloud sync.
- Authenticate on device B using the prf extension and the same constant salt. Note the prf output.
- The prf outputs are different.

Note: Repeat the authentication on each device. The prf output is identical for a given device, which seems to point towards the inclusion of a device-specific component in the prf derivation.
In my scenario, I need the prf output to be the same regardless of the device since I use it as the recovery key for my app data.
Could you confirm that this is the expected behavior or not?
Thanks,
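
A helper for the reproduction steps in the post above, as an added example that is not part of the original post: it requests the prf extension with one constant salt and reduces the output to a short fingerprint that can be compared between device A and device B. The salt label, the `rpId` parameter and all function names are assumptions.

```javascript
// Added example, not the poster's code. Salt label and names are hypothetical.
const PRF_SALT = new TextEncoder().encode("example-app/recovery-key/v1");

// Options for navigator.credentials.get() that evaluate the prf extension
// with the same constant salt on every device.
function buildPrfRequest(challenge, rpId) {
  return {
    publicKey: {
      challenge,
      rpId,
      userVerification: "required",
      extensions: { prf: { eval: { first: PRF_SALT } } },
    },
  };
}

// Pull the first PRF output out of getClientExtensionResults().
// Returns null when the authenticator or browser did not evaluate PRF.
function extractPrfOutput(extensionResults) {
  const first = extensionResults?.prf?.results?.first;
  if (!first) return null;
  return first instanceof ArrayBuffer
    ? new Uint8Array(first)
    : new Uint8Array(first.buffer, first.byteOffset, first.byteLength);
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Truncated SHA-256 of the PRF output: enough to compare device A with
// device B without writing the recovery key itself to a log.
async function prfFingerprint(prfOutput) {
  const digest = await globalThis.crypto.subtle.digest("SHA-256", prfOutput);
  return toHex(new Uint8Array(digest).subarray(0, 8));
}

// Browser only. Run on each device after sync and compare the two strings.
async function authenticateAndFingerprint(rpId) {
  // Constructed for the repro; a real relying party issues the challenge.
  const challenge = globalThis.crypto.getRandomValues(new Uint8Array(32));
  const cred = await navigator.credentials.get(buildPrfRequest(challenge, rpId));
  const output = extractPrfOutput(cred.getClientExtensionResults());
  return output ? prfFingerprint(output) : null;
}
```

A `null` result means the prf extension was not evaluated on that device, which is a different outcome from two devices returning different fingerprints.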