What does "Use caching to load data file faster" do?

(Preferences > Advanced)
Forgive me if this is documented somewhere, but I searched fairly extensively in the help documentation and the forums, and did not find the answer.

What does the 'use caching to load data file faster' actually entail, on both a security level, and an implementation level.
I want to make an informed selection as to whether I enable/disable the option, and what the ramification of doing so would be.

Thanks.

Comments

  • khad
    khad
    1Password Alumni
    Hey, cactusj,

    Welcome to the forums!

    "Use caching to load data file faster" um...creates a cache to load the data file faster. I'm not really sure how to further simplify that. There is not really any reason to turn it off except for troubleshooting purposes. :-)

    I hope that helps. Please let me know.
  • cactusj
    cactusj
    Community Member
    khad wrote:

    Hey, cactusj,

    Welcome to the forums!

    "Use caching to load data file faster" um...creates a cache to load the data file faster. I'm not really sure how to further simplify that. There is not really any reason to turn it off except for troubleshooting purposes. :-)

    I hope that helps. Please let me know.


    What exactly is being cached, that makes it faster than simply loading the data files?
    A cache usually implies some computational shortcut or it would be pretty useless.
    Would this cache contain unencrypted data (that would normally be encrypted under the non-cache configuration setting, of some kind?
    (such as images to make the images load faster in 1password for example)

    Just looking for some information on what exactly is being cached. The only documentation hits I have run across are in regards to disabling caching if you have problems with syncing.

    Hope my question is a bit clearer now!
    :)
  • sifutommy
    sifutommy
    Community Member
    khad wrote:

    Hey, cactusj,

    Welcome to the forums!

    "Use caching to load data file faster" um...creates a cache to load the data file faster. I'm not really sure how to further simplify that. There is not really any reason to turn it off except for troubleshooting purposes. :-)

    I hope that helps. Please let me know.


    As a software engineer myself I think that this, along with the "Use multiple threads to load data file faster", are options that have no business being in a consumer product IMO. If you have to expose them, don't do it through the UI. 99% of users have no clue what these things mean nor know when they would want to change them.
  • cactusj
    cactusj
    Community Member
    As a software engineer myself, I can hypothesize at the undocumented specifics of the functionality, but figured it would be better to just ask.
    ;)

    My main question was not 'what does caching do', but 'what content is actually being cached'.
    I was concerned about information leakage via file based caching -- and thus making it into my time machine backups.
    I suppose I can just turn it on and poke around and see exactly what is being cached.
  • khad
    khad
    1Password Alumni
    Please feel free to poke around. No encrypted data is written to the drive unencrypted. :-)
  • Ryan Tate
    Ryan Tate
    Community Member
    edited June 2011
    Though I like your product and Agile's overall transparency and customer service, I am disappointed in the way this question has been handled by Agile, with two replies that did not answer the question posed

    Look, you are asking customers to 1. keep our most precious and sensitive information in your app and then 2. make a preferences decision based on incredibly vague and frankly scary wording in the app ("Use caching to load data file faster"). The whole idea of a cache of a data file storing all my passwords sounds absurdly dangerous, on the surface. I suspect the underlying reality is not so scary but then again Agile has not explained anything when asked.

    I think the OP was plenty specific in what he was asking. It's the exact questions I had when I Googled the checkbox and found this thread:

    1. What sort of data is placed in the cache file,

    2. What are the security implications of allowing this checkbox to remain checked,

    3. (implied question) How much thought has Agile put into the security implications of this cache? If you are /certain/ there are no security implications, why are you asking us users to make a decision in the first place? The simple existence of this checkbox implies that a user would want to turn off this feature, which raised questions as to what might be undesirable about it.

    Could someone at Agile address this question?

    (As to the Agile guy who suggested we should just examine the cache ourselves, I went to do exactly that and it is not at the location the preference suggested it would be at, whether the app is open or not.)

    UPDATE: (I also locked my Agile keychain by sleeping the computer. Even after logging back in I do not see the "Cache" folder so I cannot examine the Cache as suggested. I guess I could try Time Machine and try to find an old copy.)

    UPDATE 2: I looked in the "Fill" folder; it contains .plist files whose names match some sites I have recently used 1Password to log into, e.g. amazon.com.plist. I have asked about these plist files in a separate thread. I am not sure if the "Fill" folder is related to the missing "Cache" folder or entirely different.
  • khad
    khad
    1Password Alumni
    edited June 2011
    Hey Ryan,

    Thanks for bringing this up again.

    First of all, let me apologize for my short posts from last November. I felt that I had addressed the issue at the time as I believed the main questions to be:

    1. Why have this option? (performance/troubleshooting)
    2. Is it encrypted? (yes)

    It is pretty obvious in hindsight that a bit further explanation would not have hurt, but the fact that there were no follow up questions and no one else asked about this in the intervening 7 months does make me wonder. Perhaps you are looking for a bit more in depth explanation than the original poster was. Regardless, I am happy to answer your questions now (as always). :-)

    While we aren't looking to give away our "secret sauce" we are as transparent as possible when it comes to 1Password (especially matters concerning the security of your data as you can see in the thread in which I merged your other recent post). Again, please do accept my apology for not having answered the original questions to your satisfaction. I hope that with the additional clarification you have provided I might sufficiently answer your questions.

    1. What sort of data is placed in the cache file,

    Since 1Password contains not only a main application (1Password.app) but also a background agent (1PasswordAgent) and browser extensions, your data needs to be shuttled back and forth securely between them. This (typically Login) data is cached for faster performance.

    2. What are the security implications of allowing this checkbox to remain checked,

    None that I am aware of, but we are always vigilant. The caching is an integral part of 1Password's performance, but the box is available for troubleshooting purposes. It may be better to use a hidden preference in the future to avoid confusion in this regard.

    3. (implied question) How much thought has Agile put into the security implications of this cache?

    A lot. As I said, it is integral to 1Password's performance so in some sense it is foundational to 1Password's core functionality.

    If you are /certain/ there are no security implications, why are you asking us users to make a decision in the first place?

    If by "certain" you mean that mathematically there is a zero percent chance of a security flaw, then we can never be "certain." If, on the other hand, you only mean that we have been using this model for years and it has been hammered on and found to be consistently reliable and secure, then, in that sense, we are certain. We don't ask users to make the choice (which is why you won't see a prompt for this preference when you first install 1Password for Mac) but make it available for troubleshooting purposes. Again, perhaps it would be better to move this to a hidden preference in the future to avoid this kind of confusion.

    By way of example, one place in which it is important to let the user decide their level of comfort (because there are security implications) would be in the 1Password iPhone app when it is launched for the first time after a fresh installation.

    20110627-jcs6uks6qifpqspq67mai4bgqy.jpg

    The simple existence of this checkbox implies that a user would want to turn off this feature, which raised questions as to what might be undesirable about it.

    I think I am seeing a pattern here. :-)

    I will suggest to the developers that we make this a hidden preference to eliminate this implication.

    (As to the Agile guy who suggested we should just examine the cache ourselves, I went to do exactly that and it is not at the location the preference suggested it would be at, whether the app is open or not.)

    Hey, I resemble that remark. :lol:

    Depending on the version of 1Password, caches will be created in one of these locations:

    /Users/yourusername/Library/Application Support/1Password/Cache
    /Users/yourusername/Library/Caches/ws.agile*
    

    Just use 1Password as you normally would with "Use caching to load data file faster" enabled in order to see it. Time Machine — as you suggested — is also a great option if you are looking to do some investigative work.

    UPDATE 2: I looked in the "Fill" folder; it contains .plist files whose names match some sites I have recently used 1Password to log into, e.g. amazon.com.plist. I have asked about these plist files in a separate thread. I am not sure if the "Fill" folder is related to the missing "Cache" folder or entirely different.

    I addressed your last concern in its appropriate thread. As you speculated, it is indeed a completely separate issue.

    If I haven't addressed all of your concerns in a manner which you find satisfactory, please let me know. I never want to give the impression that we are trying to hide something or that we would ever blow off a concern from a 1Password user. We take our business very seriously, but, more importantly, we take the security of your data very seriously. These two are inextricably linked.

    It is great that you are asking these kinds of questions!

    Cheers,
This discussion has been closed.