CONFUSING: Is it better to use the nanowallet or the NCC?

When attempting to create a simple wallet in the nanowallet, this warning message is displayed:
" Please read about dangers that client side generated keys pose; we are not responsible for any loss that could be due to the entropy of key generation. Even if it is unlikely to happen, it is still recommended to use a private key generated from a NEM client (NCC)"

Is it better then to use the NCC instead? If so, why isn’t it available for download on the same page as the nanowallet? Must I find an old version NCC and use it to generate my new private keys for the nanowallet as recommended by the warning message? And the nanowallet is Beta 1.4.13. Does this mean it’s beta software and to be only used at one’s own risk? If so, where’s the NCC for download if we want the safest option? This is confusing and misleading, especially for new users. Why does NEM point users to the nanowallet instead of the NCC if the nanowallet is in beta and NCC is the safest means to create private keys?

Please clarify.

You should use nano wallet. NCC is no longer supported. About this warning. I don’t have now access to nano wallet (I’m on my phone) . Could you paste print screen? Is this version 1.4.13?
About beta. Crypto is still in early phase that’s why application have often still beta version. But on my experience nano wallet is safe if you use strong passwords and free of viruses computer.

@mizunashi @Saul
Any of you know why in nano wallet 1.4.13 still is warning:
“Please read about dangers that client side generated keys pose; we are not responsible for any loss that could be due to the entropy of key generation. Even if it is unlikely to happen, it is still recommended to use a private key generated from a NEM client (NCC).”?
As I know NCC is discontiuned so this message should be changed?

Using the processing power of the current computer and the software technology in the world, technology that seems safe for the time being is used.
I know that it is almost impossible to generate dangerous secret keys that are mathematically, statistically and stochastic.
This is true for both NCC and NanoWallet.
However, even if the possibility is infinitely low, I can not guarantee that it will never exist, so I think that this notation will be necessary.
We will use it after understanding it.
I think this is a problem that can not be avoided when making secret keys from random things.

Yes, that’s all true. It’s all about entropy and generating keys.
But in my opinion mention, NCC in this message/warning is confusing because it is not maintained anymore.

NCC has finished development and there is not the latest version.
Currently it exists only for maintenance purposes, so there will be no further messages added.
I think that NCC simply did not mention that on the software.
There may be description in the manual.

@mizunashi it’s message directly from nanowallet 1.4.13 (print screen below). In my opinion this warning shouldn’t mention NCC.

nano_message.png829×496 319 KB

@Quantum_Mechanics
I want to know the real meaning of this document.
It is conceivable that Java libraries produce better random numbers than Javascript libraries, but it seems that programming can solve them.

What I understand is that Nano Wallet uses for generating random numbers WebCryptoAPI API.
This API don’t give full warranty about high-quality entropy (random numbers) because it all depends on device you runing nano wallet. If device supports truly random it will be used. If device don’t supports truly random numbers it will be used pseudo random numbers.

It is a random number for making BIP 32 MasterSeed.
I do not know how much random numbers pseudo random numbers are, but I think that it will be possible if it works well.
It seems that it is likely to solve if you mix common keyboards randomly pushing or moving the mouse.

Java uses hardware entropy and JavaScript use software entropy. The latter is weaker but it’s okay.

Yes, Nano Wallet 2.0 adds more entropy by creating a seed from cursor movements, timeStamp and password.

The random bytes are then hashed with the seed to give a private key.

Will remove the mention to NCC in this version.

@Quantum_Mechanics , Thank you very much for your explanation.
I could understand almost the whole thing.
Thank you very much for your answer to your busy schedule.

Thank you.